Forum Discussion
NimbostratusHow can I do a IPSEC VPN
NimbostratusOk, thansk for your help, only one thing I don't know if I have a missconfiguration about the how can do that the private remote network be reachable from my device, this part is only with the traffic selectors where I share all the address or I need to do something about routes, or any other configuration, because I am thinking about the problem and I suppose that if I put the route to the link of my isp I put out the networks from my vpn.
if I put the route to the link of my isp I put out the networks from my vpn
That won't happen if the selectors are in place. If the traffic-selector does not match the private traffic then yes, it would be routed out to the internet. If the tunnel is down and the packets match the selector, then the BIG-IP will try to establish the tunnel and even if the tunnel fails to start the packets will not be routed out the internet.
You mentioned earlier that you had a gateway pool and I think there could be a problem there if you're trying to use the pool. Like I say, it's too complicated to give specific advice without asking for data that you should not publish here, hence my recommendation to contact a partner or F5 support for analysis.
- Ricardo_Raza_14
Ok, was very helpfull your answer, and yes I have a pool gateway because I need to load balancing 3 ISPs, but in the case of the vpn I create a specefic route to the destination through one ISP.
Here I have another question, is possible that in my slefIP configure 190.x.x.2 my gateway is 190.x.x.1, Is possible that use the same self IP to surfing in the internet and with the same stablish a VPN?
Regards
Using 190.x.x.2 as the IPsec local IP for the IPsec tunnel does not prevent you from using the IP for other purposes (like default internet access). It's okay.
Also, you can use a local self IP or a floating self IP.
