Forum Discussion
L7 https ACL with APM SSL VPN not working
Hi, thanks for your answer. Looks like the new Forum messed up the answers to my questions since they are all gone....
I posted an answer to my question yesterday showing how we have done it now but it is gone today.
We store the FQDNs and ports (TCL-formatted list) the user needs to access in an attribute in LDAP and send this to the F5 during login. An iRule then queries the DNS for the IPs of the FQDNs and then creates the ACLs out of this information. To make this a little faster the F5 is set up as a DNS cache, maybe in the future even as a slave.
This is working fine so far. Henrik Gyllkrans helped me with the iRule. Thanks again Henrik.
We will extend the iRule to also be able to catch IP addresses, so if you don't have a name for a service you can also add an IP to the TCL list.
Your idea is something I had in mind as well, but then I thought about TLS 1.3, where the servername field is encrypted, so we would need SSL termination on the F5 to read the servername. We do not want the F5 to do the SSL termination.
But out of curiosity how do I create the SSL Server INSIDE the Tunnel? Is that automatically done if I don't choose a HTTP and SSL Profile?
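The ACL-building logic described in the post above (LDAP list of host/port pairs, DNS resolution, and the planned extension to accept IP literals), as an added illustration rather than the poster's actual iRule. The attribute layout (space-separated `host:port` elements), the `FAKE_DNS` table and the rule dictionary shape are assumptions for this example; the real implementation runs as Tcl on the F5 and would use its resolver and APM's ACL format instead.

```python
import ipaddress
from typing import Callable, Dict, List, Tuple

# Constructed sample of what the LDAP attribute might hold (assumed format:
# space-separated "host:port" elements; the post does not show its layout).
SAMPLE_ATTRIBUTE = "app1.example.com:443 db.example.com:5432 10.0.0.5:22 missing.example.com:80"

# Constructed stand-in for the DNS cache mentioned in the post; a real
# deployment would call the resolver instead of this table.
FAKE_DNS: Dict[str, List[str]] = {
    "app1.example.com": ["192.0.2.10", "192.0.2.11"],
    "db.example.com": ["192.0.2.20"],
}


def fake_lookup(name: str) -> List[str]:
    """Hypothetical resolver: returns all A records, or [] if the name is unknown."""
    return FAKE_DNS.get(name, [])


def parse_entries(attr: str) -> List[Tuple[str, int]]:
    """Split the attribute into (host, port) pairs; a malformed element raises."""
    entries = []
    for element in attr.split():
        host, sep, port = element.rpartition(":")
        if not sep or not host or not port.isdigit() or not 0 < int(port) <= 65535:
            raise ValueError(f"malformed ACL element: {element!r}")
        entries.append((host, int(port)))
    return entries


def build_acl(attr: str, lookup: Callable[[str], List[str]]) -> Tuple[List[dict], List[str]]:
    """Return allow rules plus the names that could not be resolved.

    IP literals are accepted directly (the extension the post describes);
    FQDNs go through the resolver, one rule per returned address. A name that
    does not resolve produces no rule, so the ACL fails closed instead of
    silently widening access.
    """
    rules, unresolved = [], []
    for host, port in parse_entries(attr):
        try:
            addrs = [str(ipaddress.ip_address(host))]  # literal IP, no lookup needed
        except ValueError:
            addrs = lookup(host)
            if not addrs:
                unresolved.append(host)
                continue
        for addr in addrs:
            rules.append({"action": "allow", "proto": "tcp", "dst": addr, "port": port})
    return rules, unresolved
```

The `unresolved` list is worth logging at login time: a silently missing rule shows up to the user as a broken connection, and a name that suddenly stops resolving is something the operator should see.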