F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Daniel_Kopfenst's avatar
Daniel_Kopfenst
Icon for Nimbostratus rankNimbostratus
Sep 26, 2012

F5 3900 LTM and outbound ipsec problem

Hi all,   I have some troubles with the configuration of IPSEC tunnels with our BigIP 3900 LTM (v11 HF2).   Setup:   Lan1 <-> Firewall <-> Internet <-> F5 LTM 3900 <-> internal Lan <-> Firew...
config
design
marco_octavian_'s avatar
marco_octavian_
Icon for Nimbostratus rankNimbostratus
Jul 14, 2014

I have a similar config working. Outbound is fine, actually two-way communication is just fine. As stated in my other post, 11.4 gave me issues but 11.5.1 is fine.

 

I actually have my LTM behind a Cisco router 2821 performing nat out of my home lab connecting via IPsec to my work office. local_lan LTM <-> 2821 (internet) 2901 <-> local_lan

 

The local_lan is also where my pool members reside. I just used a Laptop with static routes to test but it is working fine.

 

Does phase 2 look good on both ends? Check the acl/rulebase/policy on the firewall? What kind of firewall is it?