Forum Discussion
Miguel_1400
Nimbostratus
NimbostratusVpn Always connected mode
Hello,
We have the Big-ip edge client with the Always Connected mode and I would like to know if it's possible to add some exlcusion to allow explicit IP destination to do not pass througt the VPN SSL ? I know it's possible to add exclusion list but this one is only valable when the big-ip edge client isn't already connected and is in block mode right ?
Is it possible in full tunneling or only on split ?
Regards,
Miguel_1400 This would only be possible with split tunnel.
- Paulius
MVP
Miguel_1400 This would only be possible with split tunnel.
Miguel_1400Hello Paulius
Thank you for your reply 🙂
Can I configure my Big-IP edge client on Always Connected Mode and use Split tunneling ? Can I configure an Wildcard on the Network acces so all traffic would go thought the VPN SSL and Exclude some IPv4 to pass thougt the local user gateway ?
If yes, this kind of configuration still "best practice" ou it's " bricolage" ?
Regards,
- Paulius
Miguel_1400 Sadly I'm not familiar enough to know if Always Connected Mode allows for split tunneling but I would imagine it does because it's only how you define traffic that makes it go through a specific path be it a VPN or anything else that's routed. As for a wildcard for include and then choose to exclude wont work because I believe the F5 is configured an include only. Now you can tunnel all and then exclude specific DNS names but that's about it for a combination of include and exclude I believe.
- LiefZimmerman
Admin
Miguel_1400 - If your post was solved it would be helpful to the community to select *Accept As Solution*.
This helps future readers find answers more quickly and confirms the efforts of those who helped.
Thanks for being part of our community.
Lief
