For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

leosilvapaiola_'s avatar
leosilvapaiola_
Icon for Nimbostratus rankNimbostratus
Mar 07, 2019

Balance IPsec tunnels from Big-IP to Azure

Hello community, hope you're fine!

 

I have something like a "yes" or "no" question for you guys.

 

We have a customer that has a DC in their HQ and a farm in Azure.

 

They have 1 uplink from HQ's DC to Azure, to access their servers through an IPsec VPN which is between a Cisco ASA to Azure's FW.

 

They want to add a second link, also with an IPsec VPN and they want to balance the traffic flowing through those 2 uplinks.

 

The first thing on our mind was, if we want to "active-active" load balance the traffic, we need to create the IPsec tunnels from the Big-IP against Azure. The client is 'OK' with that.

 

Now, in terms of documentation; I have found this 2 great articles with the step-by-step for creating an IPsec vs Azure.

 

article1

 

article2

 

From the latter I'm leaning that we CAN have 2 IPsec tunnels and apply "dynamic routing" and balance between those 2 uplinks. But I'm not 100% sure.

 

So, the BIG question(s) would be: Can we do that? Can we balance connections between 2 IPse tunnles created from LTM Big-IP against the same ending point in Azure?

 

Any other suggestions will be much appreciated!

 

Thanks in advanced.

 

application delivery
Azure
BIG-IP
big-ip ltm
LTM
security
No RepliesBe the first to reply