Forum Discussion

Cirrus

Nov 21, 2015

Configure F5 for IPsec VPN as pass through

Hello, We wish to implement the IPsec VPN via F5. The traffic flow as, Client(windows mobile) --> Internet --> Firewall --> LTM(one armed mode, SNAT) --> Microsoft TMG. When we try to ...

Historic F5 Account

Jul 26, 2016

As a postscript to this thread: the ipsec.lookupspi is only of relevance when the data flow happens as ESP in IP and not ESP in UDP port 4500 (in IP). When NAT is detected, the IPsec peers should switch to UDP port 4500 and the ESP once the tunnel is established will be encapsulated in UDP.

In such a scenario ipsec.lookupspi is of no relevance because the connection flow characteristics are set up based on the IP/UDP data.

In the scenario that Kannan has proposed, SNAT is supported on the Virtual Server (make sure it is a forwarding Virtual Server), however that also guarantees that the float to UDP port 4500 will happen and so ipsec.lookupspi is redundant in this scenario.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Configure F5 for IPsec VPN as pass through

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Understanding IPSec IKEv2 negotiation on Wireshark

Understanding IPSec IKEv1 negotiation on Wireshark

Passthrough IPSec with AFM

Bgp inside ipsec tunnel

BIG-IP to Azure Dynamic IPsec Tunneling

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS