Forum Discussion
IPsec between F5 virtual server and its pool member
This is great. Let me ask another question before I attempt to recreate this today. From reading your notes, it appears that you did NOT use a separate subnet for the IPsec tunnel itself, which is what is typically done and shown in the LTM guide. Ex:
(Windows server subnet) 192.168.1.0--10.10.10.1/24->ipsec_tunnel<-10.10.10.2/24--192.168.5.0/24 (pool member subnet)
Are you saying that the self IP address of the LTM and the IP address of the pool member itself are the IPsec tunnel endpoints (IKE peers)? This would mean that you are load balancing to the pool member IP address, which is also the IPsec endpoint. Correct?
Finally, I prefer to use SNAT but I don't think that will be an issue.
Thank you,