Forum Discussion

Jan 18, 2019

Source based routing (Policy based routing) on BIG-IP F5

I have multiple DHCP pools for different VPN profiles (different subnets) on BIG-IP APM, and I want to route internet traffic for the users through the VPN (force all traffic through VPN). I have multiple self IPs through which I have connectivity to different sub-interfaces on the perimeter firewall and the core firewall.


My current routing table is as below


Internal subnet > Core Firewall


Default Route > Perimeter Firewall (DMZ Interface)


My default route on the BIG-IP F5 is the sub-interface of the perimeter firewall which is in the DMZ, to entertain the requests from the internet coming to the DMZ.


By default, all the internet traffic coming from VPN users takes the default route and hits the DMZ interface on the perimeter, but I want to forward all VPN users' traffic to another sub-interface of the perimeter firewall (using another self IP). How can I achieve this?


I want to do routing as below




  • Create a Performance L4 VS on the input VLAN with the pool as the gateway (set translate address and port to off).
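
The step above, written out as tmsh commands. This is an added example, not part of the original thread. The object names, the VPN lease-pool subnet (10.20.30.0/24), the gateway address (192.0.2.1) and the VLAN name `vpn_input_vlan` are all assumed placeholders to be replaced with local values.

```tmsh
# Pool whose only member is the next hop for VPN internet traffic:
# the perimeter-firewall sub-interface reachable from the dedicated
# self IP (192.0.2.1 is a placeholder address).
# Port 0 means "any port"; gateway_icmp monitors the next hop by ping.
create ltm pool vpn_inet_gw_pool members add { 192.0.2.1:0 } monitor gateway_icmp

# Performance (Layer 4) wildcard virtual server, i.e. fastL4 profile.
#  - source restricts it to the VPN lease-pool subnet (placeholder),
#    so other traffic keeps following the normal routing table.
#  - destination 0.0.0.0:any with mask any matches any destination;
#    a more specific route or virtual server for the internal subnets
#    still takes precedence over this wildcard listener.
#  - vlans-enabled + vlans limits it to the VLAN the VPN traffic
#    arrives on (placeholder name).
#  - translate-address / translate-port disabled: the pool member is
#    used only as the next hop; the packet's destination IP and port
#    are left unchanged.
create ltm virtual vpn_inet_fwd_vs \
    destination 0.0.0.0:any mask any \
    source 10.20.30.0/24 \
    ip-protocol any \
    profiles add { fastL4 } \
    pool vpn_inet_gw_pool \
    translate-address disabled \
    translate-port disabled \
    vlans-enabled vlans add { vpn_input_vlan }

# Check the resulting configuration and whether the listener is
# taking connections.
list ltm virtual vpn_inet_fwd_vs
show ltm virtual vpn_inet_fwd_vs
```

Because no source address translation is configured here, the perimeter firewall sees the clients' lease-pool addresses and needs a return route for that subnet pointing at the BIG-IP self IP on the same sub-interface.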