Forum Discussion
Forcing APM/VPN traffic out a certain VLAN
I am using the APM VPN client with a Layer2 on a stick style setup (see below).
Right now I am using it with SNAT Pool: Auto Map, which means all the VPN connected users hide behind the VS IP address. This works for the most part, but what I want to do is show the true source client IP address.
Turning off the SNAT Pool, and adding a static route on my core to point at the VPN Virtual Server to get to the client range solves this. However, due to the static route, I get asymmetric routing for any VLAN my F5 has a selfIP in.
What I want to try and do is to FORCE any connections sourced from the client/APM to go out the VS's VLAN (115).
Is this possible in my Layer2 setup with APM?
Please let me know if more information is required.
- abettencourt_15
Altostratus
I'm now thinking that perhaps re-creating the entire Access Policy and VS in a new VLAN, then making a new Routing Domain, and assigning that RD to the APM, thus forcing all the traffic through a VLAN unrelated to anything else. Going to try this and update.
- abettencourt_15
Altostratus
So looks like I got this working by just making a completely different partition and route domain, then in that partition doing the entire APM VPN wizard and then routing everything through the only available VLAN to that Partition. This way everything has to go to the core switch to get routed and I don't need to worry about anything asynchronous.