Forum Discussion
Mark_van_D
Cirrostratus
CirrostratusSSL-VPN - Route all traffic via Default Gateway
So another routing question in regards to SSL-VPN.
BIGIP has multiple interfaces.
External - 10.0.0.250 - 10.0.0.0/24
Internal - 192.168.10.250 - 192.168.10.0/24 - contains VSs and Nodes (Nodes have 192.168.10.1 - Firewall as Default Gateway)
Default Route is 10.0.0.1 (Firewall) Firewall has route for 172.16.0.0/24 to 10.0.0.250.
When connecting using SSL-VPN - IP Lease from 172.16.0.0/24, with SNAT enabled can communicate with everything. However have the requirement to move to a Non-SNAT setup.
With Non-SNAT am able to connect to most things except for the Nodes that have the DGW set to 192.168.10.1, which is understandable.
I've tried using NEXTHOP and a Forwarding VS to try and direct all traffic from 172.16.0.0/24 to use DGW 10.0.0.1, but not had any luck.
How can I direct all IP Lease Pool clients to use 10.0.0.1 as the gateway?
Dave_WEmployee
Hello, it should use the DG of the APM/LTM. What makes you think it is not? Might be a good idea to run a pcap and see what is happening with the traffic; you can it in on 0.0 or the connectivity profile itself:
Mark_van_DHi Dave,
It does use the DG for most traffic, but not for the network that it has a direct connection to. Which is fine but that network also has servers on it that don't have the F5 as DG.
I have looked at using Route Domain as well but that brought it's own issues along.
KinWould a layered VS help? Though it may introduce other challenges in your environment.
https://support.f5.com/csp/article/K03113285
https://support.f5.com/csp/article/K74534456