APM-DHCP Access Policy Example and Detailed Instructions

Prepared with Mark Quevedo, F5 Principal Software Engineer May, 2020 Sectional Navigation links Important Version Notes   ||  Installation Guide   ||  What Is Going On Here?   ||  Parameters You ...
Updated Sep 08, 2023
Version 9.0
application delivery
BIG-IP Access Policy Manager (APM)
dhcp
iRules
vpn
Barny_Riches's avatar
Barny_Riches
Icon for Altostratus rankAltostratus

Can I get clarification as to whether this works on BIG-IP 17.1.x? We need to migrate VPN users to our primary DHCP server, as client-based dynamic DNS registration needs to be disabled to meet security requirements.

Enrique_Pernas's avatar
Enrique_Pernas
Icon for Nimbostratus rankNimbostratus
Sep 11, 2024

I'm sorry but I haven't heard back from anyone and I can't help you. I have tried it on lab VE APM 16.1.3.1 and after messing around with the configuration I managed to get it to work, even with the F5 APM machine tunnel (https://community.f5.com/kb/technicalarticles/f5-big-ip-access-policy-manager-apm-machine-tunnels-for-windows/310896).
It is advisable to check this Microsoft article to avoid conflicts and errors (RegistrationOverwite 2) in DNS registration vía DHCP:

https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/dns-registration-behavior-when-dhcp-server-manages-dynamic-dns-updates

, as well as take a look at this script, if you are going to change to a dynamic DNS registration via DHCP:

https://byronwright.blogspot.com/2021/08/script-to-update-dns-record-permissions.html

I hope this message will be of some help to you.

  • Barny_Riches's avatar
    Barny_Riches
    Icon for Altostratus rankAltostratus
    Sep 11, 2024

    Thank you for your advice Enrique. Again, your success in using this on 16.1.x is very encouraging. I appreciate the other links also.