Forum Discussion

KU_380664
Jan 08, 2019

We plan to build a VPN connection using F5.

This is our first time working with F5. We plan to build a VPN connection using F5. Since we do not understand it even after reading the manual and other material, please tell us which settings need to be configured. Specifically, we would like to do the following.


  1. Automatic login to the VPN connection using a Windows Server AD user.

We were able to log in using the Windows login information (Allow-Only-in-Enterprise-LAN).


However, if AD is configured in the VPE settings with an internal IP, the VPN connection cannot be established.


Please tell us about the AD setting.


  2. VPN connection with client certificate authentication. The root certificate is ready from the Windows enterprise CA.

We would like to perform client certificate authentication using the enterprise CA.


Thank you.


2 Replies

  • Hi KU,


    I'd really recommend reaching out to your VAR or F5 team to look into getting professional services for something as important as a VPN connection if you have no F5 experience.


    In the VPE, adding the AD authentication will basically give you two outputs, success and failure. From there you would continue down the path of the VPE to your final outcome. You'll need to configure the AD servers before adding it, but it's pretty straightforward after that. If you fail, you can enable additional logging in the VPE entry, and also take a look at the access session log or the apm log to see why it failed.


    Regarding client certificate authentication, you should be able to install the CA certificate into the F5. With that installed, you can set client certificate authentication to "require" on the virtual server that the access policy is applied to. Once that is configured, you can gather information from the certificate in the VPE policy by adding the appropriate entry, and then do things such as additional checks or comparing the certificate to the user, etc. Basically the sky is the limit.


    Again, with no experience, I'd highly recommend getting some additional help.


    Good luck with the project!


    --D
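The two configuration pieces the reply describes (an AD AAA server for the VPE "AD Auth" agent, and a client-ssl profile that requires a certificate chained to the enterprise CA), as an added tmsh example that is not part of the thread. All object names (ad_corp, corp.example.com, dc01.corp.example.com, corp_root_ca.crt, vpn.crt/vpn.key, clientssl_vpn, vpn_access, vs_vpn) and the DNS server address are placeholders for the reader's own environment.

```tmsh
# Added example, not from the thread. Placeholder names throughout.

# 1. AD AAA server used by the "AD Auth" agent in the VPE.
#    'domain' is the AD domain FQDN (the Kerberos realm), not a DC IP address;
#    the BIG-IP must resolve it, so configure DNS and confirm a self IP/route
#    can reach the domain controller before testing the policy.
tmsh modify sys dns name-servers add { 10.0.0.53 }
tmsh create apm aaa active-directory ad_corp domain corp.example.com domain-controller dc01.corp.example.com

# Sanity checks from the BIG-IP shell (bash), run before blaming the policy:
#   nslookup corp.example.com
#   nslookup dc01.corp.example.com
#   tail -f /var/log/apm        # AD Auth failures are logged here

# 2. Client certificate authentication.
#    Import the enterprise root CA (copied to /var/tmp first), then require a
#    client certificate on the client-ssl profile used by the APM virtual.
#    'ca-file' is the trust anchor used to verify the presented chain;
#    'client-cert-ca' is the CA list advertised in the TLS CertificateRequest
#    so the client picks a certificate issued by the enterprise CA.
tmsh install sys crypto cert corp_root_ca.crt from-local-file /var/tmp/corp_root_ca.crt
tmsh create ltm profile client-ssl clientssl_vpn defaults-from clientssl \
    cert vpn.crt key vpn.key \
    peer-cert-mode require \
    ca-file corp_root_ca.crt \
    client-cert-ca corp_root_ca.crt

# 3. Attach the client-ssl profile and the access profile (vpn_access, built in
#    the VPE) to the virtual server. Other profiles the VPN virtual needs
#    (tcp, http, connectivity, rewrite) are omitted here.
tmsh modify ltm virtual vs_vpn profiles add { clientssl_vpn { context clientside } vpn_access { } }
tmsh save sys config
```

With `peer-cert-mode require`, the TLS handshake itself fails for clients without a certificate signed by the imported CA, so the access policy never runs for them. Inside the VPE, a "Client Cert Inspection" agent then exposes the presented certificate as `session.ssl.cert.*` session variables (for example `session.ssl.cert.subject`), and a branch rule such as `expr { [mcget {session.ssl.cert.subject}] contains [mcget {session.logon.last.username}] }` is one way to implement the "compare the certificate to the user" check the reply mentions. Verify the exact variable and branch syntax against the APM version in use.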


    • KU_380664

      Hello Dave McCauley


      Thank you for your answer.


      I understood that a setting is necessary on the AD side. Specifically, what kind of setting is necessary?


      I want to know the detailed procedure for client certificates. Could you tell me?


      Also, I understand that it would be better to get professional services, but I have inquired with F5 through those who handle our maintenance contract, and since I have not received a reply even after sending a reminder, I joined the Community.