
Can't access the management interface after VPN using APM is established

yunan_haris_123
Nimbostratus

I had configured a network access VPN using the APM module. I tried to split-tunnel the network of my management access, but unfortunately when the VPN is established I can't connect to my F5 management interface. I tried to add a VS whose pool member is my F5 management IP address, where the VS IP address is in one network with my VPN user, the service is HTTPS, and the pool member is my F5 management IP address with service port 443. The result is that I can ping my VS, but I can't connect to my VS, which has my F5 management IP address with port 443 as its pool member.

Any idea how I can access my F5 after the VPN using APM is established? I really appreciate your help.

Thank you

2 REPLIES

Kevin_Stewart
F5 Employee

This is actually a well-intentioned security feature, but you can get around it with the following trick:

 

  1. Create a simple LTM virtual server - you can bind this to the VPN connectivity profile "VLAN" or to an internal VLAN (do NOT bind this to an external VLAN)
  2. Apply a simple client SSL profile to the VIP
  3. Apply a simple server SSL profile to the VIP
  4. Apply the following iRule to the VIP:

    when CLIENT_ACCEPTED { node 127.0.0.1 443 }

    Depending on platform version you may need to use an internal VLAN self-IP instead of 127.0.0.1.

From v15.1/16.1 a db value needs to be changed in order to use this iRule.  Details here: https://my.f5.com/manage/s/article/K05413010
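
A more restrictive variant of the iRule in step 4, as an added example that is not part of the reply above: it forwards to the management service only when the client address matches an address data group, and resets and logs every other connection. The data group name mgmt_admin_nets is hypothetical and is assumed to hold the VPN lease-pool subnets that administrators connect from.

```tcl
# Added example, not from the original reply.
# Assumption: an address-type data group named mgmt_admin_nets (hypothetical
# name) exists and lists the VPN lease-pool subnets used by administrators.
when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] equals mgmt_admin_nets] } {
        # Same forwarding as the reply's iRule: hand the connection to the
        # local management web service. Per the reply, some platform versions
        # need an internal VLAN self-IP here instead of 127.0.0.1.
        node 127.0.0.1 443
    } else {
        # Any other source that reaches this virtual server is logged and reset
        # before the TLS handshake starts.
        log local0.warning "mgmt VIP: refused [IP::client_addr] -> [IP::local_addr]:[TCP::local_port]"
        reject
    }
}
```

The log lines land in /var/log/ltm, which gives a record of which addresses tried to reach the management GUI through the VIP.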