Agruet_315245
Apr 03, 2017

BIGIP APM and Management Interface and/or UI.

Dear F5 experts,

I recently set up my first VPN client access through APM. I created a profile, assigned a policy based on a local user DB, set up the network property, and everything is working like a charm.

However, there is something I would like to see working, even though I know this is not a good practice. How do you guys access the management UI through a VPN client? I understand TMM is separate from the management console port and these VLANs are not visible to each other.

Since our HA pair of BIGIP VE are hosted on a cloud platform, I don't see how I can take advantage of the VPN client access to reach the BIGIP management IP and play with the Configuration Utility.

Maybe there is a secret trick, so please share your insights.

Thanks

  • Dear,

    Copied from the DevCentral article below, where Kevin Stewart answered it:

    https://devcentral.f5.com/questions/cant-access-to-management-interface-after-vpn-using-apm-established

    "This is actually a well-intentioned security feature, but you can get around it with the following trick:

    - Create a simple LTM virtual server - you can bind this to the VPN connectivity profile "VLAN" or to an internal VLAN (do NOT bind this to an external VLAN)
    - Apply a simple client SSL profile to the VIP
    - Apply a simple server SSL profile to the VIP
    - Apply the following iRule to the VIP:

    when CLIENT_ACCEPTED {
        node 127.0.0.1 443
    }


    Depending on platform version you may need to use an internal VLAN self-IP instead of 127.0.0.1."

    Hope it helps..
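
A configuration check for the "do NOT bind this to an external VLAN" caveat in the quoted answer, as an added example that is not part of the original thread or F5's own tooling. It scans bigip.conf-style text for iRules that send traffic to `node 127.0.0.1` and reports virtual servers using them that are not limited to an allow-list of VLANs. The object names, the VLAN names, and the helper names `stanzas`, `entries` and `audit` are assumptions; it matches only the literal loopback form of the iRule (not the self-IP variant) and assumes braces in the config are balanced.

```python
import re

# Constructed sample in condensed bigip.conf syntax; all names are made up.
SAMPLE_CONF = """\
ltm rule /Common/mgmt_loopback {
when CLIENT_ACCEPTED {
    node 127.0.0.1 443
}
}
ltm virtual /Common/gui_ok {
    rules { /Common/mgmt_loopback }
    vlans { /Common/internal }
    vlans-enabled
}
ltm virtual /Common/gui_ext {
    rules { /Common/mgmt_loopback }
    vlans { /Common/internal /Common/external }
    vlans-enabled
}
ltm virtual /Common/gui_all {
    rules { /Common/mgmt_loopback }
}
"""

def stanzas(conf, kind):
    # Yield (name, body) for each top-level "ltm <kind> <name> { ... }" stanza.
    for m in re.finditer(r"^ltm %s (\S+) \{" % kind, conf, re.M):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def entries(body, key):
    # Entries of a nested "key { a b }" list inside a stanza body.
    m = re.search(r"^\s*%s \{([^{}]*)\}" % key, body, re.M)
    return set(m.group(1).split()) if m else set()

def audit(conf, allowed_vlans):
    # Flag virtuals relaying to the loopback GUI that listen outside allowed_vlans.
    relays = {n for n, b in stanzas(conf, "rule")
              if re.search(r"^\s*node\s+127\.0\.0\.1\b", b, re.M)}
    findings = {}
    for name, body in stanzas(conf, "virtual"):
        if relays & entries(body, "rules"):
            if not re.search(r"^\s*vlans-enabled\s*$", body, re.M):
                findings[name] = "listens on all VLANs"
            elif entries(body, "vlans") - set(allowed_vlans):
                findings[name] = "bound to a VLAN outside the allow-list"
    return findings
```

A virtual server with no `vlans-enabled` line is reported because it is not restricted to a VLAN list at all, which covers the external VLAN as well.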