lease pool
4 Topics

How to show which IPs in a VPN lease pool are in use..?
Is there a tmsh command that will show which IPs in a VPN lease pool are in use? I'm splitting off part of the current lease pool for use by some other VPN profiles, but don't know which in that bunch are still being used. For now, my plan is to wait and let them expire before assigning the new lease pool. Thanks!
380 Views, 0 likes, 2 Comments

F5 APM Same leasepool communication
Hi, I need some suggestions related to "How can we block client communication in the same lease pool?" For example, APM has one lease pool. Users who connect to the VPN are assigned an IP address from the lease pool. VPN users can communicate with each other because they are in the same subnet? Is there a way to stop this behavior? Thanks
357 Views, 0 likes, 1 Comment

VPN Active Sessions versus actual IP Lease Pool usage..?
We're currently graphing active VPN sessions in Cacti... The count of 120 matches the number of active sessions listed on the F5: (v13.x) Access => Overview => Active Sessions (minus any "duplicate" sessions listed for a user - a few may have two, three or even four listed). My question is, do the "duplicate" sessions retain IPs from the lease pool as well or are they returned to the pool (my guess... "sometimes, as some duplicate sessions don't get far enough for an IP assignment")? I've looked at the session logs for duplicate users... some show a different IP assigned, others no IP assignment at all, so that's been inconclusive. We need to graph IP lease pool usage and I was hoping this would suffice. A follow-up question is... does anyone know what the green stat ("Active SSL-VPN connections") is? The F5 being graphed is used primarily for VPN, the only other app using it is VDI which is currently in test/development with very low usage (plus, APM isn't being used for the VDI config). Thanks!
268 Views, 0 likes, 0 Comments

APM Network Access Split Tunnel: Not Seeing Lease Pool IP in tcpdump
I have an APM network access split-tunnel that uses a lease pool that contains only one IP address. The destination resource (an internal VIP) is defined in the "network access-launch applications-path\parameter" field by the domain name that resolves to the internal VIP address. Everything appears to be working; however, when I run a tcpdump against the internal VIP while connecting via the external VIP configured with the access policy, the IP I see connecting to the internal VIP is my LAN IP address (instead of the lease pool IP address). Any idea(s) why I wouldn't be seeing the lease pool IP address as the source IP (instead of my usual, DHCP-assigned LAN IP address)?
340 Views, 0 likes, 2 Comments