Forum Discussion

boneyard's avatar
Aug 11, 2013

APM - configure local ip / port of App tunnel

is it possible to configure the local ip and local port for an App tunnel? like it was possible in the Firepass. or is this something which is determined by the software and can't be configured?

 

from some test i usually get the ip 127.0.0.5 and sometimes a port number 1 higher then the destination port.

 

7 Replies

  • Lucas_Thompson_'s avatar
    Lucas_Thompson_
    Historic F5 Account

    To add a little more information here: It can't be configured. In APM, apptunnels operate differently than Firepass.

     

    APM App tunnel has 3 access possibilities:

     

    1-You can access using direct backend IP if you have F5 DNS Relay Service installed.

     

    2-You can access using hostname if a) the definition is made with a hostname, and b) hostname is resolvable at connect time by APM, and c) either DNS Relay Service is installed OR user has permission to write to the local hosts file

     

    3-You can access using the loopback IP (127.x.x.x) and port of the apptunnel. This is what's populated in the %host% and %port% in the Application Launch area. Unfortunately there is no way to predetermine what this 127.x address will be.

     

    Also, F5 DNS Relay Service is NOT installed automatically, you must manually install it with the Edge Client installer.

     

  • thank you lthompson, from what you tell me the F5 DNS Relay Service picks up IP and DNS requests towards the backend server I configure right?

     

    so for example, if i configure an App Tunnel with the destination IP 10.10.10.10 i should be able to locally connect to 10.10.10.10 and it will be send to the backend server? even if 10.10.10.10 is known on my local network?

     

    should ports be mapped 1 on 1? would the above logic also go for ports, if i just connect to the right IP:port it will redirect correctly?

     

  • Lucas_Thompson_'s avatar
    Lucas_Thompson_
    Historic F5 Account

    Yes exactly. So if your backend (from APM perspective) is 10.10.10.10:22 (for ssh, say), then if you use apptunnels and have DNS relay service installed in the client, your user can connect to 10.10.10.10:22 (from client perspective). DNS relay service uses Detours to accomplish this magic.

     

  • hi ,lthompson my APM has a simliar issue now. it is App tunnel for ssh ,it works great in windows,but Mac client can't in Mac client,it liesten in 1024,1025.and so on., If I want to access one ssh server behind APM,I need to type "ssh localhost -p 1024 " how to fix this ,I only want user to type "ssh real-ssh-server-ip" in their Mac client