Forum Discussion

Tyson_James's avatar
Tyson_James
Icon for Cirrus rankCirrus
Dec 26, 2018

Can APM provide access to a specific subnet...

I am new to APM and have been asked to provide an external vendor to connectivity to a specific internal subnet through our existing APM SSL VPN. I know how to add App tunnels and RDP access, I just...
application delivery
BIG-IP Access Policy Manager (APM)
AMiles_377865's avatar
AMiles_377865
Icon for Cirrocumulus rankCirrocumulus
Dec 26, 2018

Hello Tyson,

 

I think creating a custom access control list attached to a full webtop seems like the perfect way to solve your problem. There's an f5 article on ACLs here that would be a good place to get started on implementing them into your existing SSL VPN set-up.

 

Basically, I would have the ACL limit access to a specific destination IP address range (the range being the subnet) for this external vendor. There's a couple different ways of doing it but the basic principle would be the same across the board. The benefit of an ACL is that it is highly customizable; you can set it up however you want.

 

Feel free to ask if you have any follow-up questions,

 

Austin

 

Tyson_James's avatar
Tyson_James
Icon for Cirrus rankCirrus
Dec 27, 2018

Thanks for the feedback. So, I have created a custom ACL and applied it to a full webtop. I have no ideas what this vendor intends on doing once connected ( RDP or SSH into a server, something else???, etc ), so I guess my question now becomes, how to they access what they need? They are used to having a full VPN client, connect to our network and just open up the native Windows applications they need to use. Now, it would seem that any application access would need to be initiated through the webtop. Am I correct in this thinking? If so, how would they do that, since just opening the native Windows applications would bypass the SSL VPN and try to go out their standard Internet connection.