Forum Discussion

Altostratus

May 19, 2016

cant access to management interface after vpn using apm established

i had configured network access vpn using APM module, i tried to split tunneling the network of my management access, but unfortunately when the vpn established i cant connect to my f5 management int...

application delivery

BIG-IP

BIG-IP Access Policy Manager (APM)

Employee

May 19, 2016

This is actually a well-intentioned security feature, but you can get around it with the following trick:

Create a simple LTM virtual server - you can bind this to the VPN connectivity profile "VLAN" or to an internal VLAN (do NOT bind this to an external VLAN)
Apply a simple client SSL profile to the VIP
Apply a simple server SSL profile to the VIP
Apply the following iRule to the VIP:
```
when CLIENT_ACCEPTED {
    node 127.0.0.1 443
}
```
Depending on platform version you may need to use an internal VLAN self-IP instead of 127.0.0.1.

Jimmy
Nimbostratus
Feb 27, 2023
From v15.1/16.1 a db value needs to be changed in order to use this iRule. Details here: https://my.f5.com/manage/s/article/K05413010
imabbas_90
Altocumulus
Oct 12, 2023
Hello Mate thanks i was also facing same issue. After connecting to the VPN cant connect to the SAME F5 device.
After creating the Virtual server with the MGMT IP of F5 and allowing All VLAN and tunnels then created Irule
when CLIENT_ACCEPTED { node 127.0.0.1 443}
then created one more VIP for port 22

when CLIENT_ACCEPTED { node 127.0.0.1 22 }
it's working now.