mike_aws_119486
Apr 23, 2013

LTM / APM to replace Juniper SA/DX

Hi all,

Newbie to F5 (well, used to work with F5 BIG-IP Load Balancers about 15 years ago but that's another story).

We currently have a combination of Juniper DX providing Load Balancing and Juniper SA providing external SSL-VPN to a portal with URL redirection therein.

Completing an initial trial/PoC using F5 LTM and APM to replace these functions before committing to full F5 Purchase/Training etc.

The Juniper platforms sit in a DMZ network which has access from internal/external users plus onward access to the back-end systems and as such they are all 'single legged'.

I have set up the BIG-IP APM/LTM trial on a VMware platform in the same "Single legged" configuration (internal/external are the same network).

Have managed to get LTM to work without any problems and it's doing the job the Juniper DX does today perfectly as follows:

o Pools set up within LTM for the back-end app servers

o Virtual IPs set up for the individual applications linked to the above pool

Internal users can now hit a virtual IP on the LTM and be load-balanced across the back-end app servers.

The challenge has been getting APM to provide an SSL-VPN which publishes the backend applications (which are now being load balanced by LTM) using a single external IP/URL with URL re-writing to replace the Juniper SA.

Try as I might I can't get this to work!

Assumed from the description this is 'Portal Access' and tried the portal access wizard. If I browse to the external virtual IP I get the F5 logon page, authenticate the user, then just get "Internet Explorer cannot display the page".

It's as though APM can't resolve the backend URL, but I have checked the BIG-IP can do DNS resolution for the URLs to be rewritten (DNS points to Virtual IPs on itself and they resolve fine from the console).

Have tried removing all the stuff added by the wizard and creating manually and still no luck.

At the moment I've not assigned certificates to the LTM virtual IP, so when users access the sites they get certificate errors. Would APM refuse to SSL-VPN connections to URLs which don't have valid certs?

Any advice gratefully received of where to turn next.

Thanks

Mike