Forum Discussion

JustCooLpOOLe's avatar
JustCooLpOOLe
Icon for Cirrocumulus rankCirrocumulus
Jan 08, 2021

SSL VPN - APM and Self-IPs

Hi, I am new to configuring SSL VPNs via APM and I have a question around the lease pools and any correlation to local and floating Self-IPs. Say I have the following:   Active/Standby configura...
application delivery
BIG-IP Access Policy Manager (APM)
LTM
security
  • Fallout1984's avatar
    Fallout1984
    Jan 08, 2021

    If the IPs in the lease pool are routable, then I would say yes. If they're just locally significant (ie. only valid between the F5 and the user's client device), then I say no.

     

    There are different ways to do VPN on the F5, and using APM gives you some nice options (checking user ID vs active directory for the group they're in, adding two-factor auth like DUO, sorting users into different groups with their own access profiles, etc). Lastly, be sure your license covers the number of expected users.

     

    Hopefully this answers your question - good luck!

Fallout1984's avatar
Fallout1984
Icon for Cirrocumulus rankCirrocumulus

If the IPs in the lease pool are routable, then I would say yes. If they're just locally significant (ie. only valid between the F5 and the user's client device), then I say no.

 

There are different ways to do VPN on the F5, and using APM gives you some nice options (checking user ID vs active directory for the group they're in, adding two-factor auth like DUO, sorting users into different groups with their own access profiles, etc). Lastly, be sure your license covers the number of expected users.

 

Hopefully this answers your question - good luck!

JustCooLpOOLe's avatar
JustCooLpOOLe
Icon for Cirrocumulus rankCirrocumulus
Jan 08, 2021

Thank you for the reply! Once a user lands on the VPN and given an IP from the lease pool, they will need to access resources that may not be on the F5 so that makes sense that we'll need to add Self-IPs in that address space.

 

Thanks again!

  • Fallout1984's avatar
    Fallout1984
    Icon for Cirrocumulus rankCirrocumulus
    Jan 08, 2021

    You're welcome!

  • LiefZimmerman's avatar
    LiefZimmerman
    Icon for Admin rankAdmin
    Jan 08, 2021

     - is Alan B's answer worthy of "Select As Best"?

  • JustCooLpOOLe's avatar
    JustCooLpOOLe
    Icon for Cirrocumulus rankCirrocumulus
    Jan 11, 2021

    Well not offense to Alan because it was a good answer, it was the only one so doesn't that make it the best? LOL.

     

    I haven't tested it out but it does sounds reasonable and a really good explanation. Sorry for the late response, it was Friday after all...haha.