BIG-IP Sourced Traffic Over IPSec
Good afternoon team,
I am attempting to build an IPSec tunnel between F5s in a multi-cloud environment. Phase 1 comes up but I cannot seem to make my traffic match the traffic selectors. I've tried using several different traffic selectors, such as pairs that match self IPs on the interfaces, self IPs on the tunnel interfaces, and all zeroes to force a route-based VPN. Even though I explicitly source my pings, traffic never matches the traffic selector. I get zero hits on the traffic selector and tcpdumps reveal that no ESP packets are sent; only IPSec negotiation packets.
I just want to know that it's possible to source traffic on the same F5 that the tunnel is built on. I have been successful with other IPSec tunnels with the F5 but never where the F5 is the traffic source. IPSec on the F5 has always been almost the most convoluted out of all vendors (except for perhaps CP) so it wouldn't surprise me that I am trying for something that isn't even possible. Please community, confirm for me one way or the other.
Kind regards,
Nicolas