20-Jan-2023 14:20
Hi all:
Strange client requirement, but figured I'd ask as a thought experiment. What we'd like to do is use different split-tunnel address spaces depending on a client's location/IP. For example, if a user is in an office we know is protected, don't tunnel things like Internet browsing. If that same user takes their laptop home/to a coffee shop/etc, tunnel everything. Is something like this even possible?
Solved! Go to Solution.
24-Jan-2023 09:19
@Juergen_Mang is spot on, it's pretty straightforward. You'd create:
20-Jan-2023 15:04
@mjb109 Typically the way traffic is tunneled is by the particular policy applied to the tunnel that you are attempting to form and not dynamically. Realistically you would have to configure two different tunnels one they connect to when they are at work and one when they are at home.
20-Jan-2023 15:34
I had considered that; unfortunately it relies upon a user to do the right thing. I was thinking more along the lines of an iRule with some logic like:
if client::IP == <Some list>; use profile 'foo'
else, use profile 'bar'
I guess another option would be to create the two tunnels, then a redirect VIP for all users that follows similar logic, but sends a redirect instead to get a user to the right endpoint.
23-Jan-2023 01:23
Not tested, but this should work:
Create a second Network List with the other Lease Pool and use the Advanced Ressource Assign Policy Agent to assign this for spcific Client-IPs.
23-Jan-2023 17:20
@Lucas_Thompson - here's one in your wheelhouse. 🙂
24-Jan-2023 09:19
@Juergen_Mang is spot on, it's pretty straightforward. You'd create:
24-Jan-2023 10:55
This looks like it will work nicely. Thanks to all!