Forum Discussion

Bill_Chipman_10's avatar
Bill_Chipman_10
Icon for Nimbostratus rankNimbostratus
Feb 07, 2015

Does anyone have 11.6 LTM doing IPsec with 3rd party device

We are trying to create ipSec tunnel with 3 traffic selectors on one IKE peer. The tunnel will come up, however we aren't able to get any traffic flowing over the link. Traceroute shows that the conn...
application delivery
deployment
ipsec
LTM
  • Mahmoud_Eldeeb_'s avatar
    Mahmoud_Eldeeb_
    Feb 08, 2015

    my experience with big ip for ipsec, it doesn't work properly i tried a lot with link controller to terminate and to by pass ipsec traffic nothing works, many technical cases with no progress

     

Hannes_Rapp's avatar
Hannes_Rapp
Icon for Nimbostratus rankNimbostratus
Nov 17, 2016

It's an aged protocol, the wrong way of building networks. IPSec is being phased out with many clients I work with. One has a policy to not allow any IPSec implementations if both peers are not from the same vendor, on the same hardware, AND on the same software version. I think it's a great guideline to follow. Considering that 2-3 notable IPSec tunnel disruptions per week are common in x-vendor implementations, it's questionable if this protocol even has any practical use in today's production systems.

 

  • Consider a central-services site (or lease cloud), and access your important business services via HTTPS, over the internet (public IP). Consider a MPLS private leased line if you have $ to spend. Anything you save in implementation costs by going for IPSec you lose due to service disruptions and break-fix maintenance costs (recurring tunnel resets, outage investigations etc.)