Forum Discussion
VPN/Network Access ACLs
Can AFM control the traffic of connected network access clients? I am trying to find a way to create VPN ACLs that are easier than the APM ACLs... not being able to use object groups or address lists makes this feel like a horrid process when compared to other VPN solutions like Cisco ASA.
I know there is some 'dynamic' acl option but I am just wondering for informational purposes if it could all be contained on the F5 instead of adding more complexity to the solution.
- JWhitesPro_1928
Cirrostratus
To add to this:
A single line in a Cisco ACL can result in 50-100 or even more in the VPN ACL, since you can only do one source, one destination and one port in each ACL rule. Is this not a problem for anyone else?
The only other thing I thought of was making an IP forwarding virtual server on the F5 that would catch all traffic from the VPN subnet so I could use AFM to create the rules... the problem there is that I miss out on being able to apply ACLs per session easily, without having to check and make sure everything lines up perfectly between these two ways of setting ACLs.
Should I put in a feature request for VPN ACLs to get a more modern configuration interface/functionality?
- Stanislas_Piro2
Cumulonimbus
You can try to create a forwarding virtual server listening on the VLAN/tunnel of the connectivity profile and with destination 0.0.0.0/0.
On that virtual server, assign an AFM policy.
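As an added illustration (not part of the thread, and not F5's own documentation) of what that forwarding virtual server plus AFM policy looks like in tmsh, using address lists and port lists in place of one-source/one-destination/one-port APM ACL lines. All names and prefixes below are assumed placeholders: a 10.10.0.0/16 network access lease pool, a connectivity profile tunnel called vpn_tunnel, an internal DNS server at 10.0.0.10 and an app tier in 10.0.1.0/24.

```tmsh
# Added example, not from the thread. Assumed/placeholder values:
#   10.10.0.0/16   lease pool handed out to network access clients
#   vpn_tunnel     tunnel created by the APM connectivity profile
#   10.0.0.10      internal DNS server; 10.0.1.0/24 internal app tier

# Address and port lists: one object reused across rules instead of one
# APM ACL entry per source/destination/port combination.
create security firewall address-list vpn_clients { addresses add { 10.10.0.0/16 } }
create security firewall address-list internal_dns { addresses add { 10.0.0.10/32 } }
create security firewall address-list app_tier { addresses add { 10.0.1.0/24 } }
create security firewall port-list web_ports { ports add { 80 443 } }

# One AFM policy: explicit allows, then a logged drop of everything else
# from the VPN range so unexpected client traffic shows up in the logs.
create security firewall policy vpn_policy rules add {
    allow_dns { action accept ip-protocol udp
        source { address-lists add { vpn_clients } }
        destination { address-lists add { internal_dns } ports add { 53 } } }
    allow_web { action accept ip-protocol tcp
        source { address-lists add { vpn_clients } }
        destination { address-lists add { app_tier } port-lists add { web_ports } } }
    deny_rest { action drop log yes
        source { address-lists add { vpn_clients } } }
}

# IP-forwarding virtual server that catches everything arriving from the
# VPN tunnel; no address/port translation, AFM policy enforced on it.
create ltm virtual vs_vpn_forward {
    destination 0.0.0.0:any
    mask any
    source 10.10.0.0/16
    ip-forward
    profiles add { fastL4 }
    vlans-enabled
    vlans add { vpn_tunnel }
    fw-enforced-policy vpn_policy
}
```

Client traffic still passes the APM session ACL before it reaches this virtual server, so the two rule sets have to agree: per-user or per-session differences stay in APM, while AFM holds the shared network-level rules. Check the AFM logs for hits on deny_rest after rollout to catch anything the APM ACL permits but the AFM policy was not written to expect.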