pbr
2 Topics

Source based routing (Policy based routing) on BIG-IP F5
I've multiple DHCP pools for different VPN profiles (different subnets) on BIG-IP APM, and I want to route internet traffic for the users through the VPN (force all traffic through VPN). I have multiple self IPs through which I have connectivity to different sub-interfaces on the perimeter firewall and core firewall. My current routing table is as below:

Internal subnet > Core Firewall
Default Route > Perimeter Firewall (DMZ Interface)

My default route on the BIG-IP F5 is the sub-interface of the perimeter firewall which is in the DMZ to entertain the requests from the internet coming to the DMZ. By default, all the internet traffic coming from VPN users takes the default route and hits the DMZ interface on the perimeter, but I want to forward all VPN users' traffic to another sub-interface of the perimeter firewall (using another self IP). How can I achieve this? I want to do routing as below:

Source = VPN_SUBNET > NEXT_HOP (DEFAULT ROUTE) = PERIMETER LAN_INTERFACE

Wildcard in SNAT
I want to configure an SNAT translation to change the source IP when LTM tries to connect to *.f5.com (say). Can I use a wildcard in SNAT? If not, is there any other solution to this?

Current Scenario:
LTM(src-1.1.1.1) -To- *.f5.com [Takes 0.0.0.0/0] --> FW1 [Takes 0.0.0.0/0] --> Internet

Issue: FW1 doesn't support *, can't allow access only to *.f5.com.

Proposed:
LTM(src-1.1.1.1) -To- *.f5.com [Takes 0.0.0.0/0] --> SNAT(1.1.1.1->2.2.2.2) -To- *.f5.com [Takes 0.0.0.0/0] --> FW1 [Allow all https for source 2.2.2.2] [Takes 0.0.0.0/0] --> Internet
OR
LTM(src-1.1.1.1) -To- *.f5.com [Takes 0.0.0.0/0] --> SNAT(1.1.1.1->2.2.2.2) -To- *.f5.com [Takes 0.0.0.0/0] --> FW1 [PBR to FW2 that supports * for source 2.2.2.2] [Takes 0.0.0.0/0] --> Internet
OR