Jun 30, 2020

SSL-VPN - Route all traffic via Default Gateway

So another routing question in regards to SSL-VPN.


BIGIP has multiple interfaces.

External - -

Internal - - - contains VSs and Nodes (Nodes have - Firewall as Default Gateway)

Default Route is (Firewall) Firewall has route for to


When connecting using SSL-VPN - IP Lease from, with SNAT enabled I can communicate with everything. However, I have the requirement to move to a Non-SNAT setup.


With Non-SNAT I am able to connect to most things except for the Nodes that have the DGW set to, which is understandable.


I've tried using NEXTHOP and a Forwarding VS to try and direct all traffic from to use DGW, but have not had any luck.


How can I direct all IP Lease Pool clients to use as the gateway?



  • Hello, it should use the DG of the APM/LTM. What makes you think it is not? Might be a good idea to run a pcap and see what is happening with the traffic; you can it in on 0.0 or the connectivity profile itself:


      Hi Dave,


      It does use the DG for most traffic, but not for the network that it has a direct connection to. Which is fine but that network also has servers on it that don't have the F5 as DG.

      I have looked at using Route Domain as well but that brought its own issues along.

  • Would a layered VS help? Though it may introduce other challenges in your environment.