Forum Discussion
NimbostratusConfiguring IPSec with HA configuration
I have a pair of F5 LTMs (HA) whihc I need to configure an IPSec tunnel to a 3rd party device. Is it possible to create the tunnel endpoint using the Floating SelfIP to provide a level of redundancy?
6 Replies
vandenhoutenp_9Hi there,
Yes it is. Presumably your devices are in an active/standby pair?
Thanks
Peter
NZ_David_20489Yes the devices are active/standby. So just to confirm, Are you saying that we can use a floating self IP.- vandenhoutenp_9That's correct. With our setup we had the two devices configured with 192.168.0.1 and 192.168.0.2 with 192.168.0.3 being the floating IP address. For the traffic selector you obviously just need to ensure that your source address matches the floating IP address.
- Domai
Altostratus
I think you should be able to use the floating self ip and set this up. Let me know how this goes please.
- NZ_David_20489
FYI We have tested and using the floating IP works. However (as expected) failover if failover occurs its not seemless
joelmoxeyMaybe the best way to handle a more seamless failure would be to run two traffic groups, one active (and preferred) on each node... each with an IKE gateway. This then could be made seamless if the application is clever enough to know it has 2 paths available.
I am also looking at similar implementation.
