Forum Discussion

Dave1013_121746
Jan 19, 2016

IPSec tunnel between LTM and all local nodes

We have a need to encrypt all connections between the LTM and local nodes. There are a significant number (> 500) of nodes in question. SSL is not an option and the nodes are already configured with OpenSwan using RSA keys.

I've read through a bunch of documentation:

Configuring IPsec for Tunnel Mode and Dynamic Security Negotiation

Configuring IPsec between a BIG-IP System and a Third-Party Device

and a question regarding something somewhat similar (pool nodes only) but using shared keys (which we can not use):

IPsec between F5 virtual server and its pool member

None of the interoperability matrices I have seen even list IPsec with RSA keys as interoperable with LTM (only pre-shared keys are listed):

BIG-IP System IPsec Interoperability Compatibility Matrix

BIG-IP System IPsec IKEv1 Interoperability Matrix

BIG-IP System IPsec IKEv2 Interoperability Matrix

It just isn't clear to me that configuring an IKE peer, IPsec policy and IPsec traffic selector is the correct way to do what we need to do (which, again, is connecting to OpenSwan nodes using RSA keys). Is it, or how should it be done? Has anyone done something similar?

No replies