Forum Discussion
Relaying netboot/bootp/DHCP traffic for VPN user
So with the client connected via VPN (APM Network Access) I would think so. Typically for accessing remote VPN connected clients you want to go into the APM Network Access configuration and disable SNAT. This means the source of the traffic over the VPN would now be on of the IPs assigned to the client via the Network Access Lease Pool.
Keep mind if this is a unique Lease Pool Address/Subnet (i.e. does not exist on your network) you would need to add routes on your network to send the traffic back to APM or if Lease Pool Address/Subnet addresses already exist on your network you would need to enable Proxy ARP in the APM Network Access configuration.
Hi Dave,
Thanks in advance!
SNAT is disabled and Proxy ARP is enabled and I can connect to the client IP assigned by APM ( see configuration below ).
The question is can we relay broadcast traffic from the client to specific IP outside the APM network?
Just to be more specific :
When the VirtualMachine it send DHCPDISCOVER message on the network using the destination address 255.255.255.255.
How do we capture this broadcast message so that we can relay it to the appropriate server that lives on the other side of the tunnel?
apm resource network-access vpn_profile {
address-space-exclude-dns-name { }
address-space-exclude-subnet { }
address-space-include-subnet { }
address-space-local-subnets-excluded true
application-launch-warning false
client-interface-speed 2147483648
customization-group vpn_profile_resource_network_access_customization
dns-enforce-search-order false
dns-primary x.x.x.x
dns-register-connection true
dns-secondary x.x.x.x
dns-suffix example.com
leasepool-name vpn-ict
microsoft-network-server true
optimized-app { }
preserve-source-port-strict all
provide-client-cert false
proxy-arp true
snat none
split-tunneling true
supported-ip-version ipv4
sync-with-active-directory true
}
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com