Forum Discussion
F5 APM added network
why does f5 APM adds this network when I use split tunnel
128.0.0.0 255.255.252.0 On-link 172.22.101.5 1
128.0.0.3 255.255.255.255 On-link 128.0.0.3 281
This causes a problem to my local network
my local network is 128.0.0.0
- P_VergarayEmployee
I've found this, may help you.
https://my.f5.com/manage/s/article/K000140098- Abed_AL-RCirrostratus
Thanks
- Lucas_ThompsonEmployee
The routing that Edge Client (EC) sets is derived from the current routing and whatever the settings are on the client. Windows does have some DNS and proxy idiosyncrasies that necessitate the client to push a "route all traffic over the tunnel" route as 0.0.0.0/1 & 128.0.0.1/1 in some cases, because Windows treats devices with a 0.0.0.0/0 route differently than devices with both 0.0.0.0/1 and 128.0.0.1/1 routes, even though at L3 they're effectively equivalent. You might try to adjust your client PC to a more common "192.168" subnet to see how the behavior changes.
You can find in the Edge Client log files very detailed logging about what is the current (before EC does anything) and what is the result (after EC adjusts the routes) that are set.
Examine these EC logs closely to see how this compares to your Network Access List settings.
- ac89liveAltocumulus
I am familiar with those settings, and this issue does not happen to any other win10 outside my local network.
This happens only to my local network, and cannot change it now to 192.168. because it is complicated
but the question is why the F5 decides to route my local network 128.0.0.0 to its VPN gateway ?
I contacted TAC and they asked to gather some logs from CTU... but they still investigating this issue
It worth mentioning that this is issue not not occur if using browser with network connect enabled after the connection established. This issue only happens with BigIP Edge Client.
- ac89liveAltocumulus
Update#2:
Adding 128.0.0.0 to "IPV4 Exclude Address Space" has resolved the issue.
But, Why we needed to add this?
We have not added 128.0.0.0 to "IPV4 LAN Address Space". So why edge client rerouting 128.0.0.0 to tunnel ?
I asked F5 TAC and waiting for them to answer
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com