Zuke_254875
Jan 11, 2018

SSL VPN - Access to internal resources without SNAT

I have a single-arm F5 (one VLAN for both external and internal IP address ranges). The internal, private IP addresses are assigned to VPN clients. The security team needs to build firewall rules around those private DHCP addresses, so SNAT isn't an option.


The default route on the F5 points to the public IP address of the shared VLAN.


When I configure the Network Access with Proxy ARP, internal resources see the client IP as showing up as the public local (non-float) self-IP address.


When I disable Proxy ARP, the internal resources see the DHCP address, but I'm unable to connect to them; no ARP entries on the router with client MAC/IP addresses. External resources are reachable (Split tunnel).


Anybody have suggestions on what to try next?