how to set sslvpn clients external ip same as address pool leased ip and not using bigip self ip

Question

hi i am new to F5 and i am trying to setup sslvpn solution that seems to be very simple i am using aws marketplace ltm bigip ve instance single nic configuration, bigip selfip is of 172.16.0.0/16 network. now i have configured sslvpn to use address pool lease of 10.230.230.0/24 in pass all trffic via bigip mode so i am expecting access internet via bigip external ip (elastic ip) and access internal resources via 10.230.230.0/24 network but in my case all traffic getting out to internal resources via bigip self ip (172.16.0.0/16) and not via clients leased ip for example (10.230.230.2) is there a way to set sslvpn clients source ip as there leased ip?

juergen_mang · Answer

Set the SNAT Pool Setting in your Network Access List from AutoMap to None. Correct routing for the lease pool ip addresses must be configured with this setup.

vadim · Answer

snat pool configured to nonerouting configured on aws route table assosiated to bigip instanceon bigip itself i configured default route 0.0.0.0 to aws vpc default gateway in my case 172.16.1.1this config works as expected, but i dont have insternet access when selecting Force all traffic through tunneloption. only internal resources availble

Forum Discussion

how to set sslvpn clients external ip same as address pool leased ip and not using bigip self ip

2 Replies

Recent Discussions

ltm policy asm_auto_l7_policy

MAC address not showing up in LLDP packet

F5Access | MacOS Sonoma

Active- Active HA setup

syslog server connection

Related Content

CSV to Address External Datagroup File

F5 BIG-IP and NGINX - Securing Your AWS VPC Lattice Applications for External Clients

APM custom address space by client IP?

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

Decoding the IPv4 address from the persistence cookie