Forum Discussion

Ismaeel_Butt_30's avatar
Ismaeel_Butt_30
Icon for Nimbostratus rankNimbostratus
Jul 05, 2018

APM irule to assign the "advance resource assign" and "static IP" based on username while connecting vpn

Hello Guys,

 

Im new to irule. I need help to write an irule for my access policy so that when e.g. "abc" username connects to ssl vpn "corporate network resource" assign to it along with a "static IP" and when "xyz" username comes in "dmz network resource" assign to it along with a "static IP". Network resources already defined in Access policy separately. I need to do this for around 100 users.

 

I have found the irule on f5 site for assign the static IP. but not able to figure out how to assign network resources via irule .

 

irule for static IP assign.

 

when ACCESS_POLICY_AGENT_EVENT { if { [ACCESS::policy agent_id] eq "VPN" } { ACCESS::session data set session.requested.clientip [class lookup [ACCESS::session data get "session.logon.last.username"] VPN ] } }

 

APM
security

3 Replies

Sort By
  • youssef1's avatar
    youssef1
    Icon for Cumulonimbus rankCumulonimbus
    Jul 05, 2018

    Hi.

     

    Why you want to assign a Network resources using an irule?

     

    You can assign it directly to the VPE?

     

    Regards

     

  • Ismaeel_Butt_30's avatar
    Ismaeel_Butt_30
    Icon for Nimbostratus rankNimbostratus
    Jul 05, 2018

    I want to use irule because i need to assign static IP to each user and also to assign different network resources to different users under same url (cant use different uri).

     

  • youssef1's avatar
    youssef1
    Icon for Cumulonimbus rankCumulonimbus
    Jul 06, 2018

    Hi Ismael,

     

    In fact you can assign static IP to each user using Irule or VPE. In all case I advise you to use VPE it's more flexible and your configuration is managed on one point.

     

    More you don't need an Irule to assign network ressources assign.

     

    You can can assign "Network ressource" by AD Grp or Username or other depending your need. And to do that you can use VPE and not Irule.

     

    Do you need help to achieve this need using VPE only? I can give you tips/steps to achieve it if you need.

     

    Regards