Forum Discussion
AYDIN_NAIR_3157
Nimbostratus
NimbostratusDMVPN load balance issue.
- Hi All, I will configured Cisco DMVPN load balancing on the BIG-IP LTM 14.1.0 version for tow many location.Our topoloji ( Remote site <--> MPLS <--> FW <--> Metro SW <--> F5 <--> Cisco 1002X ). An than i'm configured wildcard virtual server ( 1.1.1.1:* ) permit any port, any protocol, default source ip persistence profile and i use default fastL4 profile. when i configured one or two remote site via F5 LTM to Cisco 1002X it's running smoothly vpn connections and it's works good performans. But when i redirect all remote site via F5 LTM to Cisco 1002X all remote site vpn connections unstable. Do you have any idea or any best practice document?.
1 Reply
AYDIN_NAIR_3157-
our configuration below.
-
ltm virtual /Common/IPSec_Vs_4500 {
- auto-lasthop disabled
- destination /Common/88.88.88.88:0
- mask 255.255.255.255
- persist {
- /Common/IPSec_Source_Addr {
- default yes
- }
- }
- pool /Common/IPSec_Pool
- profiles {
- /Common/IPSec_FastL4 { }
- }
- source 0.0.0.0/0
- translate-address disabled
- translate-port disabled
- }
- ltm pool /Common/IPSec_Pool {
- members {
- /Common/192.168.1.1:0 {
- address 192.168.1.1
- }
- /Common/192.168.1.2:0 {
- address 192.168.1.2
- }
- /Common/192.168.1.3:0 {
- address 192.168.1.3
- }
- /Common/192.168.1.4:0 {
- address 192.168.1.4
- }
- /Common/192.168.1.5:0 {
- address 192.168.1.5
- }
- }
- monitor /Common/UDP_4500* }
- ltm profile fastl4 /Common/IPSec_FastL4 {
- app-service none
- idle-timeout 300
- mss-override 0
- pva-acceleration full
- reassemble-fragments disabled
- reset-on-timeout enabled
- }
- ltm persistence source-addr /Common/IPSec_Source_Addr {
- app-service none
- map-proxies enabled
- mask none
- mirror disabled
- timeout 180
- } *
-
