SSL-VPN - Route all traffic NOT via the default gateway but via the CUSTOM gateway
Hi,

We are working to implement a new VPN stream that ends on F5. Our goal is to terminate the SSL VPN on F5 but filter the traffic on the firewall; we don't want to do ACLs on F5. We need to set up a full tunnel. Our infrastructure is illustrated in a simplified way in the attached diagram.

However, we have problems with the routing of traffic, as we do not want to allow clients to reach the network resources (Virtual Machine and Virtual Server) located in the networks directly connected to F5. To avoid this behavior we created a new DMZ network, 192.168.2.0/24, and use a SNAT on this network (192.168.2.10) to route traffic to the firewall.

The problems arose here: the traffic to the Internet takes the default route and then arrives on the firewall on IP 192.168.1.1, while the traffic to LAN 1 and LAN 2 uses the F5 self IPs on those networks. We would like to make sure that all traffic from the VPN arrives on the firewall on IP 192.168.2.1 of the new DMZ network.

We tried the following:

1) Route the traffic to a specific gateway (https://support.f5.com/csp/article/K18487629), but it didn't work and the traffic to the LANs doesn't go through the firewall. We created a new dedicated VS.

2) Implemented PBR via iRule (https://support.f5.com/csp/article/K20510467), but it didn't work.

We may have done something wrong in the configuration of the two points indicated above; we have tried the various combinations but we are unable to find any solution.

Can you help us understand how to set up the correct flow? Is it possible to foresee that F5 does not follow the default routing and does not allow direct access to the connected LANs?

I hope the flow described is clear.

Thanks
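As an added illustration of the "PBR via iRule" approach the post refers to (example code, not the poster's configuration and not taken from the linked F5 articles): an iRule for the forwarding virtual server that catches SSL-VPN client traffic, forcing the next hop to the firewall's DMZ address so that LAN 1, LAN 2 and Internet flows are all filtered there. The VPN lease pool 10.10.10.0/24 is an assumed value; 192.168.2.1 is the firewall DMZ address from the post.

```tcl
# Added example, not the original poster's rule. Attach to the forwarding
# (IP) virtual server that receives traffic from SSL-VPN clients.
# Assumptions: VPN lease pool is 10.10.10.0/24 (made up for this example),
# firewall DMZ-side address is 192.168.2.1 (from the post).
when CLIENT_ACCEPTED {
    # Only override routing for flows sourced from the VPN lease pool;
    # anything else keeps the normal routing-table decision.
    if { [IP::addr [IP::client_addr] equals 10.10.10.0/24] } {
        # Bypass the route lookup: every VPN flow (LAN 1, LAN 2, Internet)
        # is handed to the firewall on the DMZ instead of following the
        # default route or a directly connected interface.
        nexthop 192.168.2.1
    } else {
        # Unexpected source on the VPN forwarding VS: log it so the
        # listener scope can be checked.
        log local0. "non-VPN source [IP::client_addr] on VPN forwarding VS"
    }
}
```

Source translation to 192.168.2.10, as the post describes, is configured on the virtual server or a SNAT object rather than inside the rule.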