AlexBCT
Aug 13, 2018Cumulonimbus
VPN not working when using APM policy via Local Traffic Policy
Hi all,
I've got an interesting one and hope that one of you has a clue;
Setup;
1. FW translating public address to private address
2. F5 VS with private address, with Local Traffic Policy...
- Jan 11, 2019
Hi all,
In case anyone else runs into the same problem, here's the answer after speaking with F5 support; Turns out the iSession requests that are used for setting up the VPN tunnel in Windows are not quite HTTP compliant, and as such, cause issues when assessed by the Local Traffic Policy.
To fix it, I've put an iRule in place that bypasses the LTP for specific requests, see below;
when HTTP_REQUEST { set http_disable 0 if { [HTTP::uri] starts_with "/isession" or [HTTP::uri] starts_with "/myvpn" } { set http_disable 1 } } when HTTP_REQUEST_SEND { if { $http_disable != 0 } { HTTP::disable } }
This iRule needs to be attached to the same virtual server as the LTP is attached to and all works again!