multiple layered virtual servers
3 TopicsAPM SSLVPN with layered virtual
Hi guys, I'm trying a new (for me), but oftenly recommended by F5 SEs, setup with layered virtuals. In my testing environment, I have only one single IP address. This is used for a standard virtual server, which will be used as some kind of a jump VS (let's call it 'VS_jump'). I've assigned an LTM policy to this VS, which forwards the traffic to different virtuals, based on the requested host header. Basically this is working finde. But I'm struggling arround with APM and SSLVPN (Network Access). The requests hit the correct VS ('VS_apm-sslvpn') with APM profile assigned and the user is able to authenticate. But after opening the PPP tunnel, it's ending in a timeout for the client. The APM log tells me, that the tunnel was directly closed: PPP tunnel 0x56009ef6dd00 (ID: 703c0a5b) started. PPP tunnel 0x56009ef6dd00 (ID: 703c0a5b) closed. This issue only occurs, if the APM profile is bound to the forwarded virtual, 'VS_apm-sslvpn'. For testing purposes I've assigned the APM and connectivity profile to 'VS_jump' and the connection came up directly, without any issue. The message PPP tunnel 0x56009ef6dd00 (ID: 703c0a5b) closed. only appears, when the connection is manually disabled. So my question is: Are there any known limitations to SSLVPN, when used in conjunction with layered virtuals? I'm not sure about settings like HTTP-XFF or SNAT - where shall they be set? On 'VS_jump' or 'VS_apm-sslvpn'. Unfortunately I wasn't able to find anything related to SSLVPN and layered virtuals. Any ideas? Thanks in advance. Cheers, Sven899Views0likes5CommentsMultiple Layered Virtual Servers - Each different SSO method
Dear all, I have configured layered virtual servers to have SSO for full network access users coming in from mobile devices. A webtop is not feasible in my deployment scenario. The layered virtual server has source = 10.1.152.0/24 destination = 10.0.0.0/8 This virtual server has an SSO access policy profile configured for ntlm SSO. However, there is a particular site that uses HTTP Basic. So I'd created another layered VS: source = 10.1.152.0/24 destination = 10.x.x.x/32 Traffic will ALWAYS flow through virtual server configured with NTLM SSO even if I browse to that HTTP Basic site. Is there a way to have multiple layered VS and each has a different SSO? Thank you!342Views0likes4CommentsChange APM /public path to something else?
I'm using policy that disables APM policy on /public subpath as this path is used on server for direct linking and hotlinking files for headless clients (like curl or wget). Unfortunately /public directory collides with APM /public directory used for css and images. As result all APM pages look broken: How can I change /public path used by APM to something else like idk... /static for example? For /public bypass I'm using two virtual servers like this: http_server -> http_server_apm where http_server has policy with action Forward to virtual server http_server_apm if URI path doesn't start with /public. http_server_apm has APM policy assigned.274Views0likes0Comments