APM VPN:Assign split-tunnel settings dynamically via RADIUS

Question

Hi there,&nbsp;
is it possibly to dynamically assign included split-tunnel networks (included, so only those subnets will be routed through the VPN tunnel) by using a RADIUS attribute?&nbsp;
Like this I could dynamically assign different split-tunnel networks to different users (I know, this is a very exclusive scenario, but about ~50 different settings are needed within our deployment)&nbsp;
Regards,
Saskia&nbsp;

kunjan · Answer

Probably you can try to do a variable assignment after NA resource assignment in VPE&nbsp;

Define the following Configuration Variable:&nbsp;
Type: Network Access&nbsp;
Name: NAname(Select)&nbsp;
Property: address_space_include_dns_name(Referring to split tunnel included Subnets)&nbsp;&nbsp;&nbsp;

Assign it the following value, &nbsp;
Agent Type : RADIUS&nbsp;
Attribute Type: Use RADIUS attribute&nbsp;
Radius attribute name : attribute_name_var(Specify)&nbsp;&nbsp;

Value accepted is in 10.0.0.0/255.0.0.0 format. &nbsp;&nbsp;&nbsp;
This doc also might help 
https://support.f5.com/kb/en-us/solutions/public/13000/000/sol13024&nbsp;
If this radius attribute is under VSA attribute, currently APM doesn't support it. &nbsp;

Forum Discussion

APM VPN:Assign split-tunnel settings dynamically via RADIUS

1 Reply

Recent Discussions

Issue on license renewal

Viprion files on blades.

redirect not working

active/active Support Declarative Onboarding

Reliable resources for identifying IP addresses

Related Content

SSL VPN Split Tunneling and Office 365

VPN Split Tunneling: The Benefits and Risks

Improve BIG-IP APM VPN speed with TLS dynamic record size

Regex for dynamic URI

split-tunnel but include some public URLs.