Forum Discussion
freman_200486
Nimbostratus
NimbostratusiRule matching destination address using VPN
Hello,
I have a F5 running LTP/APM and I'm using the EDGE-client for SSL-VPN. As it is now I'm using a full tunnel since I have both outside and inside of the F5 connected to a firewall.
Right no...
Kai_Wilke
MVP
MVPHi Fremann,
you have to change [IP::client_addr] (src_addr) to [IP::local_addr] (dst_addr).
Note: To see the available IP addreses, you could implement some debug code to write every [IP::x_addr] command into your logfiles.
when CLIENT_ACCEPTED {
if { [catch {
log -noname local0.debug "Client_Addr: [IP::client_addr]"
}]} then {
log -noname local0.debug "Client_Addr: Not available"
}
if { [catch {
log -noname local0.debug "Server_Addr: [IP::server_addr]"
}]} then {
log -noname local0.debug "Server_Addr: Not available"
}
if { [catch {
log -noname local0.debug "Local_Addr: [IP::local_addr] "
}]} then {
log -noname local0.debug "Local_Addr: Not available"
}
if { [catch {
log -noname local0.debug "Remote_Addr: [IP::remote_addr]"
}]} then {
log -noname local0.debug "Remote_Addr: Not available"
}
}
Cheers, Kai