Forum Discussion

Juraj's avatar
Juraj
Icon for Cirrus rankCirrus

I'm sorry, I'm a bit confused now. I'm configuring Network Access VPN for EDGE client. HTTP_RESPONSE_RELEASE doesn't get triggered either by the VPN client.

 

To be honest, I do not follow what you're trying to say.

 

This is my situation:

  • I have Network Access VPN for Edge clients
  • I do not have problems with DHCP, the clients get their IPs assigned properly once they connect to VPN; the IP is from 10.10.1.1-10.10.1.254, routable in our network, but not routable in the Internet
  • everything works without any problems, if I apply AutoMap or SNAT-pool to the Network Resource.

 

My problem is that I want to SNAT only when they go to the Internet, i.e. their traffic leaves via a specific BIGIP interface

 

Shaun_Simmons's avatar
Shaun_Simmons
Icon for Employee rankEmployee
Mar 19, 2020

I'll have to ask my colleagues for additional thoughts.

 

-My thoughts are the inbound and outbound is routed specifically to the SNAT. Knowing if traffic is routed to the internet is not in the same "stream", to know where to route. I'd think the user would have to use the BIGIP as a proxy to the Internet, since the gateway to the Internet is based on their local DHCP derived gateway and DNS. The Edge client creates a HTTPS tunnel to specific apps / links configured via APM.