Jonathon_Page
Aug 22, 2018, Nimbostratus
VPN and internet access issues - default gateway biting me.
Hi,
We currently have an F5 configured using the APM/LTM for SSL VPN.
For internet access we were using our web filtering appliances as a proxy, since we don't allow split tunneling. We are moving to an NGFW and the proxies are going away. We've tried just removing the proxy configuration, but the traffic hits the inside interface and then dies (I'm assuming it's because we have a static default route pointing to the firewall's DMZ IP). Our VPN is using an internally routable address range, and SNAT is off on it to allow users to use our VoIP software.
I've searched DevCentral on topics like PBR, VRF, etc. and I can't find any good examples of how to accomplish what I need to do. I've read discussions about using FastL4, but most of the comments are just that, with no actionable code (I've got some F5 experience, but most of it is basic).
Back in my Cisco days, I would just put the outside (internet) interface in its own VRF. I thought about using route domains, but when I tried to create a new domain and move the external VLAN into it, I just got an error saying it couldn't be moved (I'm wondering if this is because I have virtual servers using that IP scope?).
Thanks for any direction.
Jon