Forum Discussion
Network Access without SNAT
- Dec 15, 2015
In order to get iRules to fire on traffic traversing SSLVPN, you need to use "Related iRules" configuration from the main APM virtual. You can't do this in the GUI, you have to use tmsh.
like: tmsh modify ltm virtual xxxx related-rules { yyyy }
where xxxx is your virtual server and yyyy is the irule name you want.
This function is pretty new, and I haven't personally tested very much with it. But what happens is that the irule you've specified in "related-rules" gets automatically pushed into the special Network Access listener virtual servers. It's available in:
- 11.4.1 hf9+
- 12.0
- 11.6.0 hf6+
- 11.5.3 hf2+
I think also that the system may need to be restarted for these changes to take effect (bigstart restart or reboot).
Hi,
It can help if you can provide your clients with a VS IP instead of the real server IP. In the VS, set up SNAT and optionally a source network if you want to limit the VS to your clients' pool scope. The pool of the VS will contain the real servers.