Forum Discussion
Kevin_Stewart
Employee
This is actually a well-intentioned security feature, but you can get around it with the following trick:
-
Create a simple LTM virtual server - you can bind this to the VPN connectivity profile "VLAN" or to an internal VLAN (do NOT bind this to an external VLAN)
-
Apply a simple client SSL profile to the VIP
-
Apply a simple server SSL profile to the VIP
-
Apply the following iRule to the VIP:
when CLIENT_ACCEPTED { node 127.0.0.1 443 }
Depending on platform version you may need to use an internal VLAN self-IP instead of 127.0.0.1.
Jimmy
Feb 27, 2023Nimbostratus
From v15.1/16.1 a db value needs to be changed in order to use this iRule. Details here: https://my.f5.com/manage/s/article/K05413010