Forum Discussion

Nimbostratus

Feb 15, 2019

IPSec VPN - Must the tunnel local address be the self/floating IP address?

Hello everyone, Regrading IPSec VPN (tunnel mode) setup, I have no idea whether the tunnel local address can be different than the self/floating IP address (another IP address in the same range ...

Employee

Dec 22, 2020

Answering this comically late. The tunnel local address MUST be a self IP.

You can configure a non-existent self IP as the tunnel local IP in the IPsec configuration but the tunnel won't work properly until you configure a matching self IP.

Floating self IPs are preferred because with mirroring it also provided HA failover of the tunnels. For HA failover of IPsec tunnels, a floating self IP must be used and the tunnel must be IKEv2.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

IPSec VPN - Must the tunnel local address be the self/floating IP address?

Recent Discussions

APM with EntraID as idP / request signed

Should config via cli rather than gui?

Background Tasks

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

CSV to Address External Datagroup File

SNAT IP address logging

Ipv6 address

RADIUS update NAS-IP-Address

APM custom address space by client IP?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS