For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Barry_Lopes_263's avatar
Barry_Lopes_263
Icon for Nimbostratus rankNimbostratus
May 23, 2016

Need to assign static ip instead of ip from dynamic lease pools

We have a requirement where we need to statically assign ip addresses (Permanently) to users who login to SSL VPN Portal. These will give us further control over assigned resources through ACLS without branching keeping the Access policy profile simple.

 

eg: User A should get IP address 10.10.10.2 User B should get 10.10.10.3 and so on for at least 200 users.

 

Please can anyone help us out with a config guide for the same.

 

WE have tried the following but no success 1) https://support.f5.com/kb/en-us/solutions/public/13000/300/sol13300 2) https://devcentral.f5.com/questions/how-to-lease-static-ip-on-apm

 

application delivery
BIG-IP Access Policy Manager (APM)
security

1 Reply

  • Arnaud_Lemaire's avatar
    Arnaud_Lemaire
    Icon for Employee rankEmployee
    May 24, 2016

    Hello Barry, bot solution should work for you use case. Try again a simple one by assigning statically a client ip variable in the VPE. you can then check when the client is connected if he does have the correct lease ip by going in the report session/session variable menu.

     

    Having said that two paramaters may causse pain if you want to actually see the lease pool IP on the network:

     

    • in the network access List object : SNAT POOL
    • on the Virtual Server : SNAT

    Both needs to be set at none, otherwise big-ip will snat traffic and you will see self IPs instead of you lease pool on your network. Also if you don't SNAT you have to make sure that you network is routing the list pool subnet to the floating self ip of your APM.