Roderick_Graham
Sep 16, 2015

APM Network Access Split Tunnel: Not Seeing Lease Pool IP in tcpdump

I have an APM network access split-tunnel that uses a lease pool that contains only one IP address.

 

The destination resource (an internal VIP) is defined in the "network access-launch applications-path\parameter" field by the domain name that resolves to the internal VIP address.

 

Everything appears to be working; however, when I run a tcpdump against the internal VIP while connecting via the external VIP configured with the access policy, the IP I see connecting to the internal VIP is my LAN IP address (instead of the lease pool IP address).

 

Any idea(s) why I wouldn't be seeing the lease pool IP address as the source IP (instead of my usual, DHCP-assigned LAN IP address)?

 

2 Replies

  • Just guessing, but as you are trying to see traffic that is tunnelled and then forwarded internally, perhaps it is just where tcpdump is intercepting the incoming traffic, i.e. the incoming interface is still the VPN. You can check your session in "Manage Sessions" to see what IP was assigned; you could also run an iRule with a log statement on the VS to see what client IP your internal VS is seeing, or, if you have a route in place, try hitting some other IP from your client and tcpdump for SYN packets heading out of the F5. Cheers