acls
3 Topics

F5 APM ACLs help
We are currently transitioning our VPN connections from Cisco ACS to F5 SSL VPN. Everything is working great, with the exception of the ACL portion where, after a user authenticates, we assign ACLs to their session to further restrict them. The issue is that on ACS, we had the ability to place wildcards in the mask for any octet. Example being, we have 230+ sites, where at each site, a specific appliance (let's say Server1 lives, and always ends in .100). If we have a portion of our IT staff that needs access to only this server, but for each store, we have an ACL written that would allow something along the lines of:

PERMIT IP 192.168.243.0 255.255.255.0 10.0.1.100 255.0.255.255

192.168.243.0/24 being our VPN lease pool. Now, F5 doesn't support this feature that Cisco allows, so I'm hoping there is a way to input each of these via SSH? Any way that I can help optimize inputting these would be greatly appreciated, as for this situation, each of the ACLs that I'm transferring from Cisco ACS to F5 will require 255 ACEs on the F5 side.

145 Views, 0 likes, 0 Comments

APM Local DB multiple groups
Hi, I'm using APM with localdb authentication and performing a group lookup and resource assign ACLs based on the localdb group. It works well with one group and one set of ACLs per group. But what if I want a user to have ACLs from more than one group? Do I assign multiple groups to the user? I've sort of tried this but it did not work. Only ACLs from one group are applied. Is this sort of functionality supported, or is the group field in localdb meant for only one group?

76 Views, 0 likes, 3 Comments