cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

F5 APM Failed to download configuration

Omer
Nimbostratus
Nimbostratus

Hi . My VPN clinet showing Disconnected with failed to download configuration error . Existing setup is :

 

F5 AWAF VE version 14.1.2.3 in front of APM . I have created LTM Virtual Server with pool member pointing to F5 APM Virtual Server . AWAF is in transparent mode currently . I tried to remove AWAF policy also but no luck .

F5 APM is running version 14.0.1 .

 

If i access directly from APM it is working fine . When try to access from ASM it is not working fine .

 

Error       HOST        CHostCtrl::OnTimer(), TUNNEL_SERVER_READY_CHECK - configuration read timed out

Error       HOST        \HostCtrl.h, CHostCtrl::Failed, Failed to download configuration (error: 0)

Error       HOST        \HostCtrl.h, CHostCtrl::Failed, Firing OnError event (message: Failed to download configuration)

 

Is this issue related to ciphers ?

 

Thanks

 

 

2 REPLIES 2

delv3chio
F5 Employee
F5 Employee

Hello Omer,

 

When using ASM with APM, you will need to use the 'virtual' command in an iRule on the layered ASM VS to point at the APM VS.

This would not work with a pool member pointing at an APM VS due to how APM fires related to ASM in the hudchain.

 

Please review the following article:

 

K54217479: How to protect APM virtual server with ASM

Additionally, there is a little more in depth article using Brute Force Protection:

 

K13315545: Configuring a BIG-IP ASM virtual server to protect a BIG-IP APM login page with brute for...

 

Hope that helps!

Thank you for the suggestion . In my case issue was in HTTP profile . I bypassed some of pages through policy . APM and ASM are in separate boxes .