Internet access on F5 VPN with SNAT and split-tunnel disabled
Hi. I'm relatively new to the F5 environment, and we have a 4200 appliance set up to provide remote access services. We deployed a VPN profile and connect using the Edge client; local access is fine, but internet access is not. We managed to get internet working using a local proxy server, but that didn't work for non-standard ports (other than 80 and 443).
In doing some research, it looks like without the proxy server, the internet traffic is trying to go out through the outside interface (which is blocked) and not the inside interface, and based on the way the routing table is configured, this behavior is correct.
I come from the Cisco AnyConnect VPN world, where we would use Policy Based Routing. I've searched and found multiple articles, but nothing clear. Some talk about using Virtual services instead of static routes, but being new to the F5, this is something that I've not had any experience with.
Any configuration guides or samples that anyone can provide would be appreciated.
Thanks
1 Reply
- Leonardo_Souza
You are using the F5 APM module. However, APM internally uses another module called LTM. Virtual Servers are LTM objects.
You first need to split the problem into 2 small problems:
1 - Internet traffic must go inside the VPN
2 - The F5 must have access to the Internet to be able to route the traffic to the Internet
The first point requires APM configuration. The second point requires LTM configuration and routing in your network.
It is very important to make sure traffic returning from the Internet goes back to the F5 unit and consequently the VPN tunnel. SNAT can help with that.
Some documentation that can help you with that:
https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-network-access-12-1-0.html