mrichter
Sep 24, 2015Nimbostratus
APM and VIP Targeting Configuration Issues
We have a use case where we'd like to use multiple domain names and apply different access policies based on differing domain names. The main article I read to work around this is to use VIP targeting and apply an iRule on the main/director Virtual Server to accomplish this.
when HTTP_REQUEST {
switch [string tolower [HTTP::host]] {
"app1.domain.com" { virtual app1_vs }
"app2.domain.com" { virtual app2_vs }
"app3.domain.com" { virtual app3_vs }
"app4.domain.com" { virtual app4_vs }
}
}
So far I haven't been able to get this working. Policy manager itself functions correctly and passes, but as soon as the VPN tunnel tries to setup it immediately disconnects:
10:00:02 PDT 2015:notice hostname tmm1[19040] 01490505 562a3210PPP tunnel 0x57003446b100 closed.
10:00:02 PDT 2015:notice hostname tmm1[19040]01490505 562a3210PPP tunnel 0x57003446b100 started
So a few questions I have here in regards to this setup.
- Does it really work and is any functionality lost?
- Is DTLS still supported and if so, what does that configuration look like?
- Are there any issues with having route domains configured (perhaps that's what causing my disconnect)?
- Is there something special that needs to be configured on the directed virtual server? Right now I'm just configuring it as SSL and applied the appropriate access policy.
Thanks in advance.