
Forum Discussion

Mariappan_S_156
Jun 26, 2014

DTLS Option IN APM SSL VPN F5

Hi all,

 

We have completed APM SSL VPN on F5 4000s. Previously we were using UAG and web-based SSL VPN. On the F5 we are using the full tunnel method. We got information from some people that enabling the DTLS option in the APM virtual server provides better performance and reduces the bandwidth.

 

Kindly advise us how to enable DTLS in F5.

 

Regards, Mariappan S

 

2 Replies

  • On the F5,

     

    Go to APM > Network Access > "Network policy you assign" > Network Settings > tick the DTLS tick box, and open up the DTLS port you assign on your firewalls.

     

    That's all there is to it.

     

  • You need to configure the option in the Network Access resource as Andrew said and you will also have to create a UDP Virtual Server listening on port 4433 with the connectivity profile selected in the Virtual Server configuration.

     

    If you have the option selected in network access but no virtual configured, or if you have a connectivity issue between the client and APM, the client will stay on TCP 443, but if the client can connect on UDP 4433 it will use DTLS for the tunnel.

     

    This excerpt is from the APM manual...

     

    "Select this option to use Datagram Transport Level Security with the network access connection. This option uses UDP as the transport to provide better throughput for latency-sensitive applications like VoIP or streaming video, especially with lossy connections. If the port used by DTLS is blocked by an intermediate firewall or gateway, or not available, the connection automatically falls back to TLS or SSL."

     

    Hope this helps,

     

    Seth
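
A client-side check of the fallback behaviour described in the replies above, added here as an example (it is not from the thread or from F5): it sends one DTLS ClientHello to UDP 4433 and reports whether a DTLS listener answers or the tunnel would be expected to stay on TCP 443. The function names are hypothetical, and the probe assumes that any well-formed DTLS record in reply means the UDP virtual server is reachable; it does not complete a handshake.

```python
import os
import socket
import struct
import sys

DTLS_PORT = 4433  # UDP port named in the reply above
RECORD_TYPES = {20: "change_cipher_spec", 21: "alert",
                22: "handshake", 23: "application_data"}

def build_client_hello():
    """Minimal DTLS ClientHello (no cookie, no extensions) in one record."""
    suites = struct.pack("!2H", 0x002F, 0x0035)   # TLS_RSA_WITH_AES_{128,256}_CBC_SHA
    body = (struct.pack("!H", 0xFEFD)             # client_version: DTLS 1.2
            + os.urandom(32)                      # random
            + b"\x00"                             # empty session_id
            + b"\x00"                             # empty cookie
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                        # null compression only
    n = len(body).to_bytes(3, "big")
    # msg_type=1, length, message_seq=0, fragment_offset=0, fragment_length
    handshake = b"\x01" + n + b"\x00\x00" + b"\x00\x00\x00" + n + body
    # type=22 (handshake), record version DTLS 1.0, epoch 0, sequence 0, length
    return (struct.pack("!BHH", 22, 0xFEFF, 0) + bytes(6)
            + struct.pack("!H", len(handshake)) + handshake)

def classify_response(data):
    """Name the first DTLS record in a datagram, or 'not-dtls'."""
    if len(data) < 13 or data[0] not in RECORD_TYPES or data[1] != 0xFE:
        return "not-dtls"
    length = int.from_bytes(data[11:13], "big")
    if len(data) < 13 + length:
        return "not-dtls"
    if data[0] == 22 and length >= 1 and data[13] == 3:
        return "hello_verify_request"
    return RECORD_TYPES[data[0]]

def expected_transport(host, port=DTLS_PORT, timeout=2.0):
    """'dtls' if a DTLS listener answers on UDP, else 'tls-fallback'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.send(build_client_hello())
            reply = s.recv(4096)
        except OSError:  # timeout, ICMP port unreachable, resolution failure
            return "tls-fallback"
    return "tls-fallback" if classify_response(reply) == "not-dtls" else "dtls"

if __name__ == "__main__":
    print(expected_transport(sys.argv[1]))  # argument: your APM virtual server address
```

The probe sends a single datagram with no retransmission, so on a lossy path run it a few times before concluding that an intermediate firewall is blocking the port.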