For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

David_Avera_145's avatar
David_Avera_145
Icon for Nimbostratus rankNimbostratus
Feb 28, 2014

We're still having the same problem. My server contact assures me that those options are on the virtual server and it is resolving DNS addresses. Below is the syntax for the MDM Payload being used to define the per-app-VPN. Is there anything wrong in there? (again - thanks for the help)

 

?xml version="1.0" encoding="UTF-8"?> PayloadContent VPN AuthenticationMethod Password RemoteAddress alabvpn2.xnetqa.com AuthPassword (redacted for security) AuthName (redacted for security) VPNSubType com.f5.F5-Edge-Client.vpnplugin IPv4 OverridePrimary 0 VendorConfig WebLogon false PerAppVpn true OnDemandMatchAppEnabled VPNUUID 9C55106B-687E-4CDF-8037-1D217FDB475F SafariDomains 10.1.2.10 10.1.2.11 Proxies UserDefinedName F5-2 Hand Built PAV VPNType VPN PayloadDescription Configures VPN settings, including authentication. PayloadDisplayName VPN (F5-2 Hand Built PAV) PayloadIdentifier Sybase - Configure.vpn PayloadOrganization Sybase - Configure PayloadType com.apple.vpn.managed.applayer PayloadUUID 5b0a2bf9-b756-46b2-87bd-eee40f3c59d8 PayloadVersion 1 PayloadDescription Payload Count: 1 PayloadDisplayName F5-2 Per-App {0d2c18dc-510e-4645-9593-0874dffa1c45} PayloadIdentifier {0d2c18dc-510e-4645-9593-0874dffa1c45} PayloadOrganization Sybase - iAnywhere PayloadRemovalDisallowed PayloadType Configuration PayloadUUID afaria:{0d2c18dc-510e-4645-9593-0874dffa1c45}-392198275 PayloadVersion 1

 

  • Alexey_384's avatar
    Alexey_384
    Historic F5 Account
    Feb 28, 2014
    What status does Edge client show? What application do you use to connect to backend? If Safari you should set SafariDomains to cover your backend server. Not sure if it works for the ip addresses, according to the Apple help they should be domains. Also Safari may not use tunnel if dns name of the backend can be resolves directly, but it's relates to the on-demands tunnels, and, as I understand, you are using manual tunnels. If you use another application (Dolphin, Chrome), then this application should be deployed using MDM with the same VPNUUDID that is used in mobile profile. Also, Edge 2.0.0 had an issue, and not all apps was able to use tunnel (Chrome e.g.). The issue was fixed in v2.0.1 (current). In some cases the tunnel stops to work until device hard rebooted (manual disconnect of the on-demand tunnel). But at least it should be workable once. If you even can't establish tunnel you should check configuration: username, password, certificate, access policy conformity.