For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

LarsKristensson's avatar
LarsKristensson
Icon for Altocumulus rankAltocumulus
Sep 17, 2025
Solved

How to nexthop all requests from VPN clients?

I have VPN access configured under APM, and a Virtual Server acting the access point. The VPN is working well. I now need to route all traffic (all requests) coming from VPN clients to another route...
routing
security
vpn
  • Injeyan_Kostas's avatar
    Injeyan_Kostas
    Sep 17, 2025

    Hello,

     

    You have to create a new Performance L4 Virtual server with destinatin IP 0.0.0.0/0, port * and protocol ANY

    Set as default pool a pool which will have as pool member the router you want to use

    Enable Virtual server only on specific vlan and select the vpn tunnel you are using

    Deselect Destination address translation 

     

    With the above all traffic from vpn will be catched by the new VS and forwarded to the router you want.

Juergen_Mang's avatar
Juergen_Mang
Icon for MVP rankMVP
Sep 18, 2025

I would create a new route domain with a default gateway to this router and route the VPN traffic into this route domain. There is a route domain assignment action in the VPE.

  • Injeyan_Kostas's avatar
    Injeyan_Kostas
    Icon for Nacreous rankNacreous
    Sep 18, 2025

    Definitely gonna work too.

    Just a note that a new vlan is needed in this case, assigned to the new route domain. Vpn subnet needs to be routed back to the floating IP of the new vlan. Strict Isolation might also need to be disabled both in default and new route domain.

  • LarsKristensson's avatar
    LarsKristensson
    Icon for Altocumulus rankAltocumulus
    Sep 18, 2025

    There is currently no separate VLAN between the BIG-IP and the central router. While one could be created, I would prefer a solution that doesn't require it.