SSL-VPN - Route all traffic via Default Gateway

Question

So another routing question in regards to SSL-VPN.&nbsp;BIGIP has multiple interfaces.External - 10.0.0.250 - 10.0.0.0/24Internal - 192.168.10.250 - 192.168.10.0/24 - contains VSs and Nodes (Nodes have 192.168.10.1 - Firewall as Default Gateway)Default Route is 10.0.0.1 (Firewall)  Firewall has route for 172.16.0.0/24 to 10.0.0.250.&nbsp;When connecting using SSL-VPN - IP Lease from 172.16.0.0/24, with SNAT enabled can communicate with everything.  However have the requirement to move to a Non-SNAT setup.&nbsp;With Non-SNAT am able to connect to most things except for the Nodes that have the DGW set to 192.168.10.1, which is understandable.&nbsp;I've tried using NEXTHOP and a Forwarding VS to try and direct all traffic from 172.16.0.0/24 to use DGW 10.0.0.1, but not had any luck.&nbsp;How can I direct all IP Lease Pool clients to use 10.0.0.1 as the gateway?&nbsp;&nbsp;

dave_w · Answer

Hello, it should use the DG of the APM/LTM. What makes you think it is not? Might be a good idea to run a pcap and see what is happening with the traffic; you can it in on 0.0 or the connectivity profile itself:&nbsp;https://support.f5.com/csp/article/K411

mark_van_d · Answer

Hi Dave,&nbsp;It does use the DG for most traffic, but not for the network that it has a direct connection to. Which is fine but that network also has servers on it that don't have the F5 as DG.I have looked at using Route Domain as well but that brought it's own issues along.

kin · Answer

Would a layered VS help? Though it may introduce other challenges in your environment.https://support.f5.com/csp/article/K03113285https://support.f5.com/csp/article/K74534456

Forum Discussion

Recent Discussions

What configuration issue am I experiencing with this 130-domain VS ?

Ivanti MDM Core & F5 LTM/ASM with mTLS

F5 BIGIP & XC certbot plugin

Hardware BIG-IP appliance reach EOSS, but the software version running on it not yet?

F5 radius login not working