F5 3900 LTM and outbound ipsec problem
Hi all,
I have some trouble with the configuration of IPsec tunnels with our BigIP 3900 LTM (v11 HF2).
Setup:
Lan1 <-> Firewall <-> Internet <-> F5 LTM 3900 <-> internal Lan <-> Firewall <-> LAN2
I managed to connect two different firewalls with the BigIP and the tunnel is working fine when the traffic is initiated from Lan1. When I try to initiate a connection from Lan2 to Lan1, the BigIP doesn't establish an IPsec tunnel.
The IPsec - Traffic Selector configuration should be fine, but it seems that it's not routing the traffic through the IPsec tunnel.
Source IP Address: LAN2
Destination IP Address: LAN1
All Ports and Protocols enabled
Direction: Both
Action: Protect
No NAT on Firewall
Any idea?
Thx,
Daniel
- Cholito_15468
Nimbostratus
Hi dankopfe, you have two virtual servers.
- Daniel_Kopfenst
Nimbostratus
Hi Cholito,
- Daniel_Kopfenst
Nimbostratus
double post
- Cholito_15468
Nimbostratus
very nice
- Techgeeeg
Nimbostratus
Hi,
- marco_octavian_
Nimbostratus
I have a similar config working. Outbound is fine, actually two-way communication is just fine. As stated in my other post, 11.4 gave me issues but 11.5.1 is fine.
I actually have my LTM behind a Cisco router 2821 performing NAT out of my home lab, connecting via IPsec to my work office:
local_lan LTM <-> 2821 (internet) 2901 <-> local_lan
The local_lan is also where my pool members reside. I just used a Laptop with static routes to test but it is working fine.
Does phase 2 look good on both ends? Check the acl/rulebase/policy on the firewall? What kind of firewall is it?
- A_Shack_161373
Nimbostratus
Has anyone managed to get this working? I am having the same issue (IPsec pass-through).