Last Modified: Apr 28, 2025
Affected Product(s):
APM-Clients APM
Known Affected Versions:
7.1.9, 7.1.9.7, 7.1.9.8, 7.1.9.9
Fixed In:
7.2.2
Opened: Jan 28, 2020
Severity: 3-Major
BIG-IP APM Network Access VPN systems can be load balanced with the BIG-IP LTM system (see https://support.f5.com/csp/article/K33765223). If the BIG-IP LTM and APM Network Access VPN systems use different ports, the Mac Edge Client fails to establish a VPN. The Mac Edge Client uses the APM VPN virtual server port for the VPN connection instead of the LTM virtual server port.
Mac Edge Client fails to establish a VPN connection if the APM Network Access systems use a different port than the BIG-IP LTM system.
Mac Edge Client fails to establish a VPN connection if the following conditions are met:
- The connection is made through a load-balancing LTM virtual server (or another router/firewall device);
- The APM Network Access VPN virtual server is configured on a different port than the LTM virtual server.
To work around the issue, explicitly specify the BIG-IP LTM virtual server port in the Access Policy using a Session Assignment agent, e.g.: "session.server.network.port" = expr { "443" }
Now the Mac Edge Client can successfully establish a VPN tunnel in a load-balancing setup, even if the LTM and APM systems use different ports for the virtual servers.