For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ward_Delcomyn_9's avatar
Ward_Delcomyn_9
Icon for Nimbostratus rankNimbostratus
Feb 15, 2016

Per-App-VPN using Kerberos Constrained Delegation and Protocol Transition...HELP!

First a picture of what I'm trying to do:   Now for a brief description: We are trying to implement per-app-vpn (AIRWATCH). We stood up a "VPN only" BigIp appliance "VPN1" that hosts the vpn ...
application delivery
BIG-IP Access Policy Manager (APM)
security
Michael_Koyfma1's avatar
Michael_Koyfma1
Icon for Cirrus rankCirrus
Feb 23, 2016

Yes, this should definitely be plausible. You would need to setup a layered internal virtual server that matches the destination of INSIDE1's IP address, enable it to listen only on the Per-App VPN tunnel(that would really be the connectivity profile created for your Per-App VPN policy), and assign Access Policy and Kerberos SSO to it.