Forum Discussion

TD
Apr 30, 2019

VPN SSL traffic not being forwarded when using a not directly attached network as VPN Pool

Hi, I have a F5 setup in AWS to use for Client VPN. I had it working fine but then found out that the ACLs are not being applied because I bypass the VS which is used for the VPN Clients.

Here is the setup.

F5 with public interface and private interface. VS (standard) configured on the public IP so users can login to the VPN. That is working fine. Another VS configured for redirecting http to https. Also working fine.

We are using full tunnel. I have a subnet configured as the VPN Pool that is not attached to the F5. We route the subnet to the private interface. No SNAT is used because we want to have full transparency on the clients.

When I use SNAT it is working fine. Also, when I use a VPN Pool of addresses which are in the same subnet as the self IP of the private interface, it is working fine. When I use the VPN Pool from the network that is not directly attached, it stops working. What I did to work around it was setting up another VS (forwarding IP) with our VPN Pool as source and 0.0.0.0/0 as destination. With this setup it worked fine, but I then found out that the ACLs are not applied anymore.

Any idea how I can have all three requirements: no SNAT, a not directly attached network as VPN Pool, and ACLs applied to the VPN users?

It looks like it is an internal routing issue, but I have no idea how to tell the F5 where to send traffic from the VPN Pool.

Hope it is somewhat clear what the setup looks like.

Thanks.