Forum Discussion
Hi KU,
I'd really recommend reaching out to your VAR or F5 team to look into getting professional services for something as important as a VPN connection if you have no F5 experience.
In the VPE, adding the AD authentication will basically give you two outputs, success and failure. From there you would continue down the path of the VPE to your final outcome. You'll need to configure the AD servers before adding it, but it's pretty straightforward after that. If you fail, you can enable additional logging in the VPE entry, and also take a look at the access session log or the apm log to see why it failed.
Regarding Client certificate authentication, you should be able to install the CA certificate into the F5. With that installed, you can configure client certificate authentication to require in the virtual server that the access policy is applied to. Once that is configured, you can gather information from the certificate in the VPE policy by adding the appropriate entry, and then doing things such as additional checks or comparing the certificate to the user, etc. Basically the sky is the limit.
Again, with no experience, I'd highly recommend getting some additional help.
Good luck with the project!
--D
- KU_380664, Jan 08, 2019, Nimbostratus
Hello Dave McCauley
Thank you for your answer.
I understood that a setting is necessary on the AD side. Specifically, what kind of setting is necessary?
I want to know the detailed procedures for client certificates. Could you tell me?
Also, I understand that it would be better to receive professional services. I have inquired with F5 through the people who handle our maintenance contract, but since I have not received a reply even after requesting a reminder, I joined the Community.