Forum Discussion
shashe
Cirrus
Cirrussplit-tunnel but include some public URLs.
How can I configure a split-tunnel on APM for all the private IPs but also include some FQDNs that resolve to public IPs to go through the tunnel?
AlexBCT
Cumulonimbus
CumulonimbusHi Shashe,
You should be able to achieve this with Address spaces (Access ›› Connectivity / VPN : Network Access (VPN) : Address Spaces)
Fill in the publicIP's of the application, together with their FQDN's, and then attach it to the tunnel, under the Split Tunneling section. More details: https://techdocs.f5.com/en-us/bigip-16-1-0/big-ip-access-policy-manager-network-access/configuring-address-spaces/what-is-address-space.html
Please note though that this address space only exists since version 16.1. If you are running on earlier versions, you should be able to achieve the same result with with the IP address space and DNS address space directly under the Split Tunneling configuration.
Hope this helps.
shasheAlexBCT I see IP and DNS space in my settings. Can I just put the RFC 1918 space in the IP space tab and add public app's fqdn with wildcard for e.g. *.example.com in DNS space? Will this ensure all the private IPs along with any traffic to that public fqdn passes through the VPN tunnel? I'm little confused with the description has provided for these tabs.
Thank you so much for your response.
- shashe
Should I list the IPs of the public apps in the IP space? there are far too many for me to get a list. I thought a wildcard as mentioned above in the DNS space would solve my issue here. AM I wrong with that?