APM VPN:Assign split-tunnel settings dynamically via RADIUS

Question

Hi there,&nbsp;
is it possibly to dynamically assign included split-tunnel networks (included, so only those subnets will be routed through the VPN tunnel) by using a RADIUS attribute?&nbsp;
Like this I could dynamically assign different split-tunnel networks to different users (I know, this is a very exclusive scenario, but about ~50 different settings are needed within our deployment)&nbsp;
Regards,
Saskia&nbsp;

kunjan · Answer

Probably you can try to do a variable assignment after NA resource assignment in VPE&nbsp;

Define the following Configuration Variable:&nbsp;
Type: Network Access&nbsp;
Name: NAname(Select)&nbsp;
Property: address_space_include_dns_name(Referring to split tunnel included Subnets)&nbsp;&nbsp;&nbsp;

Assign it the following value, &nbsp;
Agent Type : RADIUS&nbsp;
Attribute Type: Use RADIUS attribute&nbsp;
Radius attribute name : attribute_name_var(Specify)&nbsp;&nbsp;

Value accepted is in 10.0.0.0/255.0.0.0 format. &nbsp;&nbsp;&nbsp;
This doc also might help 
https://support.f5.com/kb/en-us/solutions/public/13000/000/sol13024&nbsp;
If this radius attribute is under VSA attribute, currently APM doesn't support it. &nbsp;

Forum Discussion

APM VPN:Assign split-tunnel settings dynamically via RADIUS

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

SSL cipher

iApps with load ucs Platform-migrate on newer hardware

Raise your hand if you'll be at AppWorld 2026

Using Terraform to update / modify an existing iRule

getting compiling error when enabling Nginx App_potect

Related Content

SSL VPN Split Tunneling and Office 365

VPN Split Tunneling: The Benefits and Risks

JA4 Part 2: Detecting and Mitigating Based on Dynamic JA4 Reputation

BIG-IP to Azure Dynamic IPsec Tunneling

Regex for dynamic URI

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS