Forum Discussion

AlexBCT's avatar
AlexBCT
Icon for Cumulonimbus rankCumulonimbus
Aug 13, 2018

VPN not working when using APM policy via Local Traffic Policy

Hi all,   I've got an interesting one and hope that one of you has a clue;   Setup; 1. FW translating public address to private address 2. F5 VS with private address, with Local Traffic Policy...
  • AlexBCT's avatar
    Jan 11, 2019

    Hi all,

    In case anyone else runs into the same problem, here's the answer after speaking with F5 support; Turns out the iSession requests that are used for setting up the VPN tunnel in Windows are not quite HTTP compliant, and as such, cause issues when assessed by the Local Traffic Policy.

    To fix it, I've put an iRule in place that bypasses the LTP for specific requests, see below;

     

    when HTTP_REQUEST {
       set http_disable 0
       if { [HTTP::uri] starts_with "/isession" or [HTTP::uri] starts_with "/myvpn" } {
          set http_disable 1
       }
    }
    
    when HTTP_REQUEST_SEND {
       if { $http_disable != 0 } {
          HTTP::disable
       }
    }
    

     

    This iRule needs to be attached to the same virtual server as the LTP is attached to and all works again!