F5 BIG-IP APM VPN configuration for the LastPass Universal Proxy LDAPS protocol

    This topic describes, step by step, how to configure F5 BIG-IP APM VPN for LastPass Universal Proxy using the LDAPS protocol, so that LastPass MFA is set as a secondary authentication method. The following steps contain the settings related to the Universal Proxy.

    About this task:

    The following main steps are necessary for the configuration:

    Configure your LDAP server properties

    1. Log in to the F5 BIG-IP APM management console in a browser.
    2. In the left navigation, go to Access > Authentication.
    3. Select LDAP.
    4. Click Create.
    5. In the Name field, enter a name for your server.
    6. In the Server Connection field, select Use Pool.
    7. In the Server Pool Name field, enter the IP address of the Universal Proxy, then click Add. The value is populated in the Server Addresses field.
    8. In the Service Pool Monitor field, choose tcp.
    9. In the Mode field, select LDAPS.
    10. In the Service Port field, enter the port number (default is 636). This is the port that is set in the Universal Proxy configuration.
    11. In the Base Search DN field, add the base search DN in the following format: ou=Users,dc=domain,dc=country_code.
    12. In the Admin DN field, add the admin DN in the following format: CN=Administrator,CN=Users,DC=domain,DC=country_code.
    13. In the Admin Password and Verify Admin Password fields, enter the LDAP admin user password.
      Note: In our solution, the LDAP bind operation uses the distinguished name (DN) and user password.
    14. In the Group Cache Lifetime field, enter 30.
    15. From the SSL Profile (Server) list, select an SSL server profile. You can select the default profile, serverssl, if you do not need a custom SSL profile.
    16. In the Timeout field, enter 60.
    17. Click Finished.

    Configure your Access Policy

    1. In the Main tab, go to Access > Profile / Policies > Access Profiles.
    2. In the Access Profile List tab, find your policy and click Edit in the Access Policy column.

      The F5 BIG-IP APM visual policy editor opens the access policy.

    3. Click your policy.
    4. In the Properties tab set the following fields:
      Server: Choose your server from the list.
      SearchDN: dc=domain,dc=country_code
      SearchFilter: (samAccountName=%{session.logon.last.username})
    5. Click Save.
    Results: You have now configured LDAPS authentication for your F5 BIG-IP APM VPN.
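
    One way to check the settings above from an admin workstation before relying on them (an added example, not part of the original LastPass procedure). It assumes the OpenSSL and OpenLDAP client tools are installed, that the workstation can reach the Universal Proxy and gets the same answers to bind and search requests as the BIG-IP would, and that the proxy's CA certificate is saved locally; the IP address, CA file path and function names are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example: pre-flight check of the Universal Proxy LDAPS listener.
# Every value below is a constructed placeholder; override via environment.
UP_HOST="${UP_HOST:-192.0.2.10}"   # Universal Proxy IP from step 7 (placeholder)
UP_PORT="${UP_PORT:-636}"          # Service Port from step 10
ADMIN_DN="${ADMIN_DN:-CN=Administrator,CN=Users,DC=domain,DC=country_code}"
SEARCH_DN="${SEARCH_DN:-dc=domain,dc=country_code}"   # SearchDN from the policy
CA_FILE="${CA_FILE:-./universal-proxy-ca.pem}"        # hypothetical CA file path

# Expand the policy's SearchFilter for one test user. Characters that are
# special in an LDAP filter (RFC 4515) are refused, not passed through.
search_filter() {
  case "$1" in
    ''|*'('*|*')'*|*'*'*|*'\'*) return 1 ;;
  esac
  printf '(samAccountName=%s)' "$1"
}

ldaps_url() { printf 'ldaps://%s:%s' "$1" "$2"; }

# 1. TLS: the listener must present a chain that verifies against CA_FILE.
check_tls() {
  openssl s_client -connect "$UP_HOST:$UP_PORT" -CAfile "$CA_FILE" \
    -verify_return_error </dev/null 2>/dev/null |
    grep -q 'Verify return code: 0 (ok)'
}

# 2. Bind as the Admin DN (-W prompts, so the password stays out of the
#    process list) and run the expanded filter under SearchDN.
#    "1.1" asks for no attributes, only the matching entry's DN.
check_bind() {
  filter=$(search_filter "$1") || { echo "unsafe test username" >&2; return 2; }
  LDAPTLS_CACERT="$CA_FILE" ldapsearch -x -W \
    -H "$(ldaps_url "$UP_HOST" "$UP_PORT")" \
    -D "$ADMIN_DN" -b "$SEARCH_DN" -s sub "$filter" 1.1
}

# Usage: sh check-ldaps.sh run <test-username>
if [ "${1:-}" = "run" ]; then
  check_tls || { echo "TLS verification failed" >&2; exit 1; }
  echo "TLS ok"
  check_bind "${2:?test username required}"
fi
```

    A failed TLS check points at the certificate or the port set in the Universal Proxy configuration; a failed bind or an empty search result points at the Admin DN, SearchDN or SearchFilter values.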