can we have Two access profile to single VIP In APM for Single URI. We have two ad groups and that need to differentiate through two access profiles

No, but the APM logic supports lookups to different ad groups in a single policy. We have done that to over 20 AD groups. Also, if you collect/ask for the domain, you can go directly to that domain and check as well.

Hello, You can use the same Access Policy and implement a condition based on the AD group within the VPE. Or you can use the Per-request access profile feature (v12) But you can't have 2 access profiles on the same VS. If you are using two different hostnames for a single VIP, you can configure forwarding traffic to 2 separate internal VS that have an access profile each.

Yes, i do have two connectivity profile for auto connect to vpn and other connectivity profile. Per requirement i need to assign these profile to specific group with single URI .I am not able apply two connectivity profile to single VS.

actually I do have two connectivity profile for auto connect to vpn and other connectivity profile. Per requirement i need to assign these profile to specific group with single URI .I am not able apply two connectivity profile to single VS. can it it suffice by irule ?

Can we have Two access profile to single VIP In APM for Single URI

13 Replies

Theo_12742
Cirrus
Apr 26, 2016
No, but the APM logic supports lookups to different ad groups in a single policy. We have done that to over 20 AD groups. Also, if you collect/ask for the domain, you can go directly to that domain and check as well.
- Gajanan_Vasmat1
  Nimbostratus
  Apr 26, 2016
  Yes, i do have two connectivity profile for auto connect to vpn and other connectivity profile. Per requirement i need to assign these profile to specific group with single URI .I am not able apply two connectivity profile to single VS.
- Theo_12742
  Cirrus
  Apr 26, 2016
  You can do this with a single policy, and assign a connectivity profile resource. In your VPE, Add » Assignment » Resource Assign or Advanced Resource Assign
Yann_Desmarest
Cirrus
Apr 26, 2016
Hello,

You can use the same Access Policy and implement a condition based on the AD group within the VPE. Or you can use the Per-request access profile feature (v12)

But you can't have 2 access profiles on the same VS. If you are using two different hostnames for a single VIP, you can configure forwarding traffic to 2 separate internal VS that have an access profile each.
- Gajanan_Vasmat1
  Nimbostratus
  Apr 26, 2016
  actually I do have two connectivity profile for auto connect to vpn and other connectivity profile. Per requirement i need to assign these profile to specific group with single URI .I am not able apply two connectivity profile to single VS. can it it suffice by irule ?
- Lucas_Thompson_
  Historic F5 Account
  Apr 26, 2016
  Why do you need to assign two different connectivity profiles? A connectivity profile is basically a PPP tunnel interface and a set of configuration parameters applied to downloaded client applications. I can't really think off the top of my head a reason to assign two simultaneously to an APM vip. Can you explain your use case?
- Gajanan_Vasmat1
  Nimbostratus
  Apr 27, 2016
  management want if some specific people accessing internal application then f5 apm vpn should connect automatically from their any device so I created different connectivity profile.
Yann_Desmarest_
Nacreous
Apr 26, 2016
Hello,

You can use the same Access Policy and implement a condition based on the AD group within the VPE. Or you can use the Per-request access profile feature (v12)

But you can't have 2 access profiles on the same VS. If you are using two different hostnames for a single VIP, you can configure forwarding traffic to 2 separate internal VS that have an access profile each.
- Gajanan_Vasmat1
  Nimbostratus
  Apr 26, 2016
  actually I do have two connectivity profile for auto connect to vpn and other connectivity profile. Per requirement i need to assign these profile to specific group with single URI .I am not able apply two connectivity profile to single VS. can it it suffice by irule ?
- Lucas_Thompson_
  Historic F5 Account
  Apr 26, 2016
  Why do you need to assign two different connectivity profiles? A connectivity profile is basically a PPP tunnel interface and a set of configuration parameters applied to downloaded client applications. I can't really think off the top of my head a reason to assign two simultaneously to an APM vip. Can you explain your use case?
- Gajanan_Vasmat1
  Nimbostratus
  Apr 27, 2016
  management want if some specific people accessing internal application then f5 apm vpn should connect automatically from their any device so I created different connectivity profile.