lisa_d
Apr 03, 2020

VPN BIG-IP Edge client: traffic over VPN tunnel with full or split tunneling

We have established a VPN connection between a Windows client and a BIG-IP v15.

We are using the BIG-IP Edge client, with network access.

 

Full tunneling

We do not really understand what kind of traffic is allowed or disallowed over the VPN tunnel.

According to this document: https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-network-access-13-0-0/2.html

with full tunneling "all traffic (including traffic to or from the local subnet) is forced over the VPN tunnel."

How can traffic to the local subnet be forced over the VPN tunnel?

Does full tunneling ensure that the resource is not leaking traffic to the client's LAN?

 

Split tunneling

In order to use split tunneling, we have to fill in the field "IPV4 LAN Address Space" to specify a list of addresses. Only the traffic to these addresses goes through the tunnel configured for Network Access; all other traffic bypasses the tunnel.

As this field is mandatory, what is the purpose of the field "Exclude Address Space" (not mandatory)?

What is the purpose of the feature "split by DNS"? How do we know if it is better to use "split by DNS" instead of "split by IP"?