Forum Discussion

Nimbostratus

Oct 15, 2013

irule inspecting or modifying vpn traffic

The access policy for my virtual server grants network access. The only resource on the network behind the f5 is my proxy server. I need to pass the client certificates to my proxy server in the ht...

Employee

Oct 16, 2013

If I may add, once the SSL VPN tunnel has been established, the network access VIP will no longer respond to events, so it wouldn't generally be possible to pass an HTTP header from the network access VIP to services inside the tunnel. You could alternatively host a virtual server inside the tunnel (on the tunnel's lease pool network) that prompted for client certificate and then sent the traffic to the proxy server with an HTTP header. For that matter though, you could probably do the same without the SSL VPN tunnel.

And to be clear, ProxySSL and Forward Proxy SSL are two distinct things. ProxySSL only works in a reverse proxy mode, and both work very differently.

Forum Discussion

irule inspecting or modifying vpn traffic

Recent Discussions

Azure DP-100 Exam Questions

GTM Packet Capture command

Wildcard SSL Certificate Deployment on F5 LTM

Migration from i series 10200 with 1 child VCMP to r series 10900 series

Open Redirection Mitigation

Related Content

Inspecting HTTP LB traffic for security

Protecting the F5 BIG-IP AFM system with AFM Protocol Inspection System Checks

AFM Protocol Inspection rules for CVE-2022-3602 (aka SpookySSL)

iRule to modify a content-security-policy header

Unsupported Snort Keywords in Protocol Inspection