Forum Discussion

Les_Mailloux_55
Historic F5 Account
Apr 17, 2014

Source routing after APM Network Lease assigned

I have a situation where I need to change the gateway of an Edge Gateway client after it has been authenticated and assigned an IP from the lease pool. Currently, the setup is as follows, with the default route being FW1:

 

EGW Client -- Inet -- FW1 -- F5

 

Since I can't move the NAT to FW2 just yet, we are hoping we can alter the gateway after the EGW client is authenticated. I'm unsure how to accomplish this with an iRule as I'm not sure where in the process the client is assigned an IP from the lease pool.

 

Any help/suggestions are appreciated!

 

3 Replies

  • Les_Mailloux_55
    Historic F5 Account

    I think this should work. I'm just a bit unclear how APM and the network access tunnel fit into the picture (in terms of packet processing):

     

    when CLIENT_ACCEPTED {
        # Match the connecting address against the lease-pool data group.
        if { [class match [IP::client_addr] equals EGW_Lease_list] } {
            log local0. "[IP::client_addr] matches EGW_Lease_list"
            # Send the connection out via the DMZ VLAN to the alternate gateway.
            # (A newline or semicolon is required here; on one line the nexthop
            # arguments would be parsed as extra arguments to log.)
            nexthop DMZ 192.168.90.10
        }
    }

     

  • Les_Mailloux_55
    Historic F5 Account

    This does not work as the rule fires before the client is authenticated, therefore the client IP addr is their real one, not the lease-assigned one. I've searched all over here but I don't see a way to pull in the APM lease IP. Any suggestions? Is this not possible?

     

  • It looks like you could use the "Example: Directing users to different route domains" from the advanced APM topics, do you agree?

     

    http://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm_config_10_1_0/apm_config_advanced_policies.html
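Added example (not code from the thread or from F5): the second reply observes that CLIENT_ACCEPTED fires before authentication, so the iRule sees the client's real address rather than the lease-pool address. One way around that, as an alternative to the route-domain approach in the third reply, is to make the routing decision on the traffic that arrives through the Network Access tunnel, where the APM session already exists and the assigned address is recorded in the session variable session.assigned.clientip. This assumes (not confirmed by the thread) that the iRule is attached to the virtual server processing tunneled traffic, that ACCESS_ACL_ALLOWED fires per tunneled connection, and that nexthop is accepted in that event; EGW_Lease_list, the DMZ VLAN and 192.168.90.10 are reused from the thread.

```tcl
# Added example, not from the thread. Route tunneled Network Access traffic
# to an alternate gateway once the APM session exists.
# Assumptions: attached to the virtual server that handles traffic arriving
# through the Network Access tunnel; ACCESS_ACL_ALLOWED fires per connection;
# nexthop is permitted in this event. EGW_Lease_list is an address data group
# containing the lease pool ranges (name reused from the thread).
when ACCESS_ACL_ALLOWED {
    # Lease-pool address APM assigned to this session (empty for non-NA sessions).
    set lease_ip [ACCESS::session data get "session.assigned.clientip"]

    if { $lease_ip eq "" } {
        # Not a Network Access session (e.g. portal access); keep default routing.
        return
    }

    # Defensive check: the tunneled packet's source should be the assigned lease IP.
    if { [IP::client_addr] ne $lease_ip } {
        log local0. "source [IP::client_addr] does not match assigned lease $lease_ip; default route kept"
        return
    }

    if { [class match $lease_ip equals EGW_Lease_list] } {
        log local0. "lease $lease_ip matches EGW_Lease_list; routing via DMZ gateway"
        # Alternate gateway on the DMZ VLAN (values reused from the thread).
        nexthop DMZ 192.168.90.10
    } else {
        log local0. "lease $lease_ip outside EGW_Lease_list; default route kept"
    }
}
```

The source-address check is there so that a mismatch between what APM recorded and what actually arrives through the tunnel is logged rather than silently rerouted; if the two differ in your deployment, that is worth investigating before trusting the nexthop decision.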