For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

cjl1775's avatar
cjl1775
Icon for Nimbostratus rankNimbostratus
Apr 07, 2022

SSL VPN question

Hello all new to the form but have a question on ssl vpn config

have a f5 with vpn floating ip set 192.168.10.250 and 192.168.10.251 these are the defualt gateways

created a new vlan and interface of 192.168.11.2 gw 192.168.11.1 this is what we would like to use as the source ip for ssl traffic using a pool 192.168.100.0/24 the up stream router already points to the 192.168.100.0/24 pool is this doable 

there is a route in the f5 to point the pool ip 192.168.100.0/24 to  the 192.168.11.2 address all other routing points to the floating ip 192.168.10.250/192.168.10.251

 

 

 

 

application delivery

4 Replies

  • cjl1775's avatar
    cjl1775
    Icon for Nimbostratus rankNimbostratus
    Apr 07, 2022

    As a note this is just tryinh to prevent any asymetric data flow for the vpn

  • cjl1775's avatar
    cjl1775
    Icon for Nimbostratus rankNimbostratus
    Apr 08, 2022

    how to use the thrid floating ip 192.168.11.2 to be the source for all vpn traffic. not the  other floating ip addresses?

     

    • Sebastiansierra's avatar
      Sebastiansierra
      Icon for MVP rankMVP
      Apr 08, 2022

      Hi,

      You can create a Snat pool and then assign it to the Virtual Server. for the source addr translation, you can follow the steps in the next link:

      https://support.f5.com/csp/article/K47945399

      By default when you configure automap, the system use the Float IPs but you can modify this behavior assigning a Snat pool and forcing the VS use this IP to deliver the traffic.