Forum Discussion
You can do this, but first I would recommend two things:
1. Use IKEv2
2. Use Route-based tunnels only with a traffic selector of 0.0.0.0/0 for both the source and destination.
I have yet to come across a piece of equipment where we are unable to successfully build an IKEv2 route-based tunnel. Do take note of https://support.f5.com/csp/article/K31553030
There are two ways to route traffic into the tunnel:
1. Routes are created on the Big-IP to funnel traffic into the appropriate tunnel. One issue with this solution is that if you have multiple tunnels terminating on the same Big-IP then traffic can flow from one tunnel to the other based on these routes. This may be good or bad depending on your requirement.
2. A virtual server is created for each of the individual routes that must be reached through the tunnel on the remote network. This virtual server will have a pool with one member which points to the far end of the transport tunnel. The virtual server will also listen only to the source IP and/or VLAN you choose. Use this option if you want to ensure that traffic cannot flow between tunnels.
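
The isolation difference between the two options above, as an added example that is not part of the original post: a simplified Python model (not Big-IP configuration) that checks which tunnel-to-tunnel paths each design would forward. Tunnel names, networks, the `internal` VLAN and host addresses are constructed assumptions.

```python
import ipaddress
from itertools import permutations

# Constructed sample data: tunnel names, networks and hosts are assumptions.
ROUTES = {"10.20.0.0/16": "tunnel_a", "10.30.0.0/16": "tunnel_b"}
VIRTUAL_SERVERS = [
    {"dest": "10.20.0.0/16", "source": "192.168.1.0/24", "vlan": "internal", "tunnel": "tunnel_a"},
    {"dest": "10.30.0.0/16", "source": "192.168.2.0/24", "vlan": "internal", "tunnel": "tunnel_b"},
]
REMOTE_HOSTS = {"tunnel_a": "10.20.1.10", "tunnel_b": "10.30.1.10"}

def _in(ip, network):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(network)

def forward_by_route(dst_ip):
    """Option 1: longest-prefix match on destination; ingress is not considered."""
    matches = [n for n in ROUTES if _in(dst_ip, n)]
    if not matches:
        return None
    best = max(matches, key=lambda n: ipaddress.ip_network(n).prefixlen)
    return ROUTES[best]

def forward_by_virtual_server(src_ip, ingress, dst_ip):
    """Option 2: destination, source and ingress VLAN must all match a listener."""
    for vs in VIRTUAL_SERVERS:
        if _in(dst_ip, vs["dest"]) and _in(src_ip, vs["source"]) and ingress == vs["vlan"]:
            return vs["tunnel"]
    return None

def cross_tunnel_paths(design):
    """Return (ingress, egress) tunnel pairs that the given design forwards."""
    leaks = []
    for ingress, egress in permutations(REMOTE_HOSTS, 2):
        src, dst = REMOTE_HOSTS[ingress], REMOTE_HOSTS[egress]
        if design == "routes":
            out = forward_by_route(dst)
        else:
            out = forward_by_virtual_server(src, ingress, dst)
        if out == egress:
            leaks.append((ingress, egress))
    return leaks

if __name__ == "__main__":
    print("routes:", cross_tunnel_paths("routes"))
    print("virtual servers:", cross_tunnel_paths("virtual_servers"))
```

Running the same audit against an inventory of your real tunnels and listeners shows which tunnel pairs can reach each other before the design is deployed.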