
mengler_136249
Aug 30, 2016

F5 APM ACL's help

We are currently transitioning our VPN connections from Cisco ACS to F5 SSL VPN. Everything is working great, with the exception of the ACL portion where, after a user authenticates, we assign ACLs to their session to further restrict them. The issue is that on ACS, we had the ability to place wildcards in the mask for any octet. An example being, we have 230+ sites, where at each site, a specific appliance (let's say Server1) lives, and always ends in .100. If we have a portion of our IT staff that needs access to only this server, but for each store, we have an ACL written that would allow something along the lines of:

 

PERMIT IP 192.168.243.0 255.255.255.0 10.0.1.100 255.0.255.255

 

192.168.243.0/24 being our VPN lease pool.

 

Now - F5 doesn't support this feature that Cisco allows, so I'm hoping there is a way to input each of these via SSH? Any way that I can help optimize inputting these would be greatly appreciated, as for this situation, each of the ACLs that I'm transferring from Cisco ACS to F5 will require 255 ACEs on the F5 side.

 

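The expansion described in the post above, as an added example that is not part of the original post and not F5 or Cisco code: it turns one ACE whose mask has wildcard octets in any position into the plain CIDR source/destination pairs it stands for, so the resulting list can be reviewed before it is loaded anywhere. It assumes the mask convention used in the quoted ACE (255 fixes an octet, 0 is a wildcard); the function names, the MAX_ENTRIES cap and the printed line format are assumptions of this example, not F5 syntax.

```python
import ipaddress

MAX_ENTRIES = 65536  # refuse masks that would expand into an unmanageable ACL


def expand_masked(addr, mask):
    """Expand addr/mask (0 bits in mask are wildcards, in any position)
    into the ordinary CIDR networks it covers, lowest address first."""
    m = int(ipaddress.IPv4Address(mask))
    base = int(ipaddress.IPv4Address(addr)) & m
    wild = ~m & 0xFFFFFFFF
    # Wildcard bits that run up from bit 0 fold into the prefix length.
    trailing = 0
    while trailing < 32 and (wild >> trailing) & 1:
        trailing += 1
    # Any wildcard bit above that run has to be enumerated value by value.
    free = [b for b in range(trailing, 32) if (wild >> b) & 1]
    if 2 ** len(free) > MAX_ENTRIES:
        raise ValueError(f"{addr} {mask} expands to {2 ** len(free)} networks")
    nets = []
    for n in range(2 ** len(free)):
        value = base
        for i, bit in enumerate(free):
            if (n >> i) & 1:
                value |= 1 << bit
        nets.append(ipaddress.IPv4Network((value, 32 - trailing)))
    return nets


def expand_ace(src, src_mask, dst, dst_mask):
    """Return every (source, destination) CIDR pair one masked ACE stands for."""
    return [(s, d)
            for s in expand_masked(src, src_mask)
            for d in expand_masked(dst, dst_mask)]


if __name__ == "__main__":
    # The ACE quoted in the post above.
    pairs = expand_ace("192.168.243.0", "255.255.255.0",
                       "10.0.1.100", "255.0.255.255")
    for s, d in pairs:
        print(f"allow ip {s} -> {d}")  # plain text, not F5 syntax
    print(len(pairs), "entries")
```

The source mask collapses to a single /24 because its wildcard bits are contiguous from the low end; only the destination's middle-octet wildcard has to be enumerated, one /32 per value of that octet.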