BigIP SSL VPN with APM Webtops
Hey There,
I've set up SSL VPNs everywhere, as they're awesome, and I've also set up APM webtops everywhere publishing Citrix XenApp/Desktop, portal access objects etc. What I've never tried to do is access portal objects when connected to the SSL VPN, and this is the issue.
It appears that when connected to the SSL VPN, I can telnet port 443 and ping the portal webtop VS IP, but the browser just fails to display the page. All other resources that aren't on box work fine (reverse proxying anything else), it's just the local portal webtops that don't display.
It's as if the F5 is not allowing the traffic out the SSL VPN IP connection and back in again (which we're all used to) but, as I can telnet the VS IP on port 443, I'm not so sure that's the issue.
I've messed around with varying configurations and have easily replicated the issue. I've added/removed SNAT from the VS and the network access list, enabled/disabled proxy ARP (I know this was a reach but tcpdump was showing no replies so meh), created/removed IP forwarding VSs for the SSL VPN stub subnet to the VS subnet, and even moved the SSL VPN subnet into the BigIP SelfIP subnet.
Another important piece of information: this is a single-armed configuration. I might try and bind the SSL VPN to a new arm and see how that goes, although I don't think it will help.
Any thoughts please?
Kind Regards,
Frazer Thompson