Forum Discussion

JustCooLpOOLe's avatar
JustCooLpOOLe
Icon for Cirrocumulus rankCirrocumulus
Jan 08, 2021

SSL VPN - APM and Self-IPs

Hi, I am new to configuring SSL VPNs via APM and I have a question around the lease pools and any correlation to local and floating Self-IPs. Say I have the following:   Active/Standby configura...
application delivery
BIG-IP Access Policy Manager (APM)
LTM
security
  • Fallout1984's avatar
    Fallout1984
    Jan 08, 2021

    If the IPs in the lease pool are routable, then I would say yes. If they're just locally significant (ie. only valid between the F5 and the user's client device), then I say no.

     

    There are different ways to do VPN on the F5, and using APM gives you some nice options (checking user ID vs active directory for the group they're in, adding two-factor auth like DUO, sorting users into different groups with their own access profiles, etc). Lastly, be sure your license covers the number of expected users.

     

    Hopefully this answers your question - good luck!

JustCooLpOOLe's avatar
JustCooLpOOLe
Icon for Cirrocumulus rankCirrocumulus

Thank you for the reply! Once a user lands on the VPN and given an IP from the lease pool, they will need to access resources that may not be on the F5 so that makes sense that we'll need to add Self-IPs in that address space.

 

Thanks again!

Fallout1984's avatar
Fallout1984
Icon for Cirrocumulus rankCirrocumulus
Jan 08, 2021

You're welcome!