Hi,
Regarding this part of the conversation (*)....... I have a similar problem perfoming single sign on authentication using Kerberos, the task it supposed to be perfomed by the vpnssl device and then go to the F5 LTM and the to then web server (wich is running a .NET based application) ...... my question is pretty much related to the part where the SPN is created in my DC server for the application. Wich account or computer-name should be used in the command.
(*)
Firstly map the virtual IP to a dns name in your internal DNS server. Then create an SPN for this dns name and with the userid being used to configure kerberos.
For ex. if you are using an id - xyz for configuring BO SSO, and the dns name is bovirtual.addomain.com
Then the SPN will be -
setspn -A HTTP/bovirtual.addomain.com xyz
Let me know how it goes.
Regads,
Ravi