Lab 1.6 - Create the Virtual Server

In this section you will configure a RADIUS server to enable simulated MFA capabilities.

Task - Configure Virtual Server

  1. Navigate to Local Traffic >> Virtual Servers >> Virtual Server List, then click the + (plus symbol) to create a new virtual Server

    image32

  2. Enter mtls_vs for the Name

  3. Enter 10.1.10.105 for the DestinationAddress/Mask

  4. Enter 443 for the Service Port

  5. Select http for HTTP Profile (Client)

  6. Select client_certsso from the SSL Profile (Client) List

    image33

  7. Select server_certsso from the SSL Profile (Server) List

  8. Select Auto Map from the Source Address Translation dropdown Box

  9. Select cert_sso from the Access Profile dropdown Box

    image34

  10. Select the irule Cert_SSO

  11. Select mtls_pool for the Default Pool

  12. Click Finished

Note

The following iRule must be used when inserting custom extensions using C3D.

1
2
3
4
5
when SERVERSSL_CLIENTHELLO_SEND {
   set username [ACCESS::session data get "session.logon.last.username"]
   set domain [ACCESS::session data get "session.ad.last.actualdomain"]
   SSL::c3d extension 1.1.1.1 "Minted Extension=$username@$domain"
}

image35