Forum Discussion
JustCooLpOOLe
Cirrocumulus
CirrocumulusSSL VPN - APM and Self-IPs
Hi, I am new to configuring SSL VPNs via APM and I have a question around the lease pools and any correlation to local and floating Self-IPs. Say I have the following:
Active/Standby configuration consisting of two BIG-IPs
SSL VPN via APM including a lease pool of 10.0.1.0/23
Static ACL on SSL VPN to allow access to site1.com and site2.com
My question: Is there a need to have a local and floating self-ip on these BIG-IP devices that exist in the address space assigned to the lease pool?
Thanks in advance!
If the IPs in the lease pool are routable, then I would say yes. If they're just locally significant (ie. only valid between the F5 and the user's client device), then I say no.
There are different ways to do VPN on the F5, and using APM gives you some nice options (checking user ID vs active directory for the group they're in, adding two-factor auth like DUO, sorting users into different groups with their own access profiles, etc). Lastly, be sure your license covers the number of expected users.
Hopefully this answers your question - good luck!
Fallout1984If the IPs in the lease pool are routable, then I would say yes. If they're just locally significant (ie. only valid between the F5 and the user's client device), then I say no.
There are different ways to do VPN on the F5, and using APM gives you some nice options (checking user ID vs active directory for the group they're in, adding two-factor auth like DUO, sorting users into different groups with their own access profiles, etc). Lastly, be sure your license covers the number of expected users.
Hopefully this answers your question - good luck!
JustCooLpOOLeThank you for the reply! Once a user lands on the VPN and given an IP from the lease pool, they will need to access resources that may not be on the F5 so that makes sense that we'll need to add Self-IPs in that address space.
Thanks again!
- Fallout1984
You're welcome!