Solved
Forum Discussion
zeiss_63263
Jun 01, 2018Historic F5 Account
Whether you use "interface" or "tunnel" mode doesn't actually matter for the purpose of interop. The remote peer cannot tell what mode the BIG-IP is in. The policy's tunnel mode is a logical construction in the BIG-IP config. The BIG-IP does exactly the same IPsec negotiation regardless of the mode.
The "interface" mode option was introduced to allow administrators the ability to attach tunnel interfaces to routes. There are also features that allow interface mode to extend to a more of a dynamic routing model; that's for advanced scenarios though and we recommend it for cloud scenarios.
The "interface" mode is fiddly to configure so I recommend "tunnel" mode for most users.