Forum Discussion
Anoop_Dharan_20
Nimbostratus
NimbostratusIPSEC between F5 and third party device
Hi All,
I am trying to configure IPSEC between F5 and another 3rd party device. Wondering if i can use interface mode for the same. Running on 11.6.2.0 HF1. As per article https://support.f5.com...
Whether you use "interface" or "tunnel" mode doesn't actually matter for the purpose of interop. The remote peer cannot tell what mode the BIG-IP is in. The policy's tunnel mode is a logical construction in the BIG-IP config. The BIG-IP does exactly the same IPsec negotiation regardless of the mode.
The "interface" mode option was introduced to allow administrators the ability to attach tunnel interfaces to routes. There are also features that allow interface mode to extend to a more of a dynamic routing model; that's for advanced scenarios though and we recommend it for cloud scenarios.
The "interface" mode is fiddly to configure so I recommend "tunnel" mode for most users.