IPSec tunnel for AD authentication traffic.

Question

I'm needing to tunnelize AD authentication traffic from F5 BigIP in our DMZ to AD servers residing inside the network server farm.  Security policy requires me to tunnelize and encrypt this traffic.  I've read:&nbsp;
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-implementations-11-2-0/11.html&nbsp;
Can I use the same source IP address (float-IP on the interface) to create the tunnel as well as to act as source for the authentication traffic?  &nbsp;
How to accomplish this configuration?&nbsp;

embee_57573 · Answer

I think you should craft a virtual server for the Active Directory with a pool with the ADservers, adding a ssl server profile.&nbsp;

joe_p_117994 · Answer

I realize I didn't supply full information.  The authentication is needed from within an APM policy.  The APM AAA selector allows for creation of a single DC, or for a defined pool of DCs.  I've got the pool defined.  However, I need to tunnelize the traffic that originates from that pool.  I'm in the process of building tunnels in DEV/TEST.  I think the tunnels will come up fine, I just can't see how to steer the "interesting" traffic down them--since they both originate from the same float address.

Forum Discussion

IPSec tunnel for AD authentication traffic.

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Failing over Virtual F5 VE to DR location using Zerto

Failing over of a Virtual F5 configuration to another location using Zerto restore process

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

Related Content

SSL VPN Split Tunneling and Office 365

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

DNS Tunnel Mitigation v2

F5 BIG-IP Access Policy Manager (APM) Machine Tunnels for Windows

DNS Tunneling Protection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS