Lab 3 – Configuring a VPN Policy

In this lab, we will use the Device Wizard to configure a new SSL VPN service with the necessary Network Access Resources on APM.


Lab Requirements:

  • BIG-IP with APM licensed and activated
  • Server running AD and Web services
  • Local Host file entries on the Jump Host

Task – Use the Wizard to create a new Remote Access service

The Wizard simplifies configuration tasks for specific use cases.

  1. From the main menu on the left side of the screen, browse to the Wizards > Device Wizards and select the radio button for “Network Access Setup Wizard for Remote Access”.


  2. Click Next.

  3. For the Policy Name field, enter MyVPNPolicy. This should auto populate the caption field. Uncheck the “Enable Antivirus Check in Access Policy” checkbox and click Next.


  4. From the Select Authentication screen, choose the “Use Existing” radio button, select the AAA server “Lab_SSO_AD_Server::Active Directory” configured previously in Lab 2 and click Next.


  5. Assign an IP Address Range to be used for the VPN connection on the “Configure Lease Pool” page. Click the radio button for “IP Address range” and enter the range “”, click Add and click Next.


  6. On the “Configure Network Access” page, select “Use split tunneling for traffic” and for “IPV4 Lan Space”, enter the network “”, mask “”, click Add, leave everything else default and click Next.


  7. Accept the default on the “Configure DNS Hosts for Network Access” page and click Next.


  8. On the “Virtual Server (HTTPS connection)” page, enter “” for the IP address of the Virtual Server that users will connect to for access to the VPN. Uncheck the “Create Redirect Virtual Server” option and click Next.


  9. Verify your settings on the Review page and click Next when satisfied.

  10. The Setup Summary page will display a list of the configuration objects that the Wizard created for you. Click Finished.

Task – Testing

  1. Open a web browser to the virtual server created in the above step by navigating to You will be presented with a Logon page similar to the one from the last lab. |


  2. Enter the following credentials:

    Username: user

    Password: Agility1

    This will initialize, authenticate and establish a new VPN connection to the Network Resource that was configured. You will be presented with a new page that shows the connection details.


  3. Open a new browser tab and confirm that you are now connected to the internal network by browsing directly to the HTTP server used in the pool for the previous labs: You should see a page similar to the following:


  4. Close the page then click Logout on the F5 VPN page to terminate your VPN connection and close the browser window.