Forum Discussion

Nimbostratus

Apr 27, 2018

ipsec

Hello everybody, I have an architecture with 24 IPSEC servers behind a BigIP 2000 cluster. Customers are mobile phones configured with a public address as an IPSEC termination. Each pu...

MVP

Apr 28, 2018

from what i understand you want to load balance IPsec through the BIG-IP

first of all make sure you disable the F5 looking at the ipsec traffic, else it will fail

https://support.f5.com/csp/article/K14169

it suggests L4 which i would keep on any service, so you don't have to worry about difference between 4500 and 500 and ESP protocol

for persistence you need to look at the options

if IP source based persistence isnt possible due to change client IP you need to find something else.

it might be you just get different tunnels every time

https://devcentral.f5.com/questions/load-balancing-vpn-connection

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ipsec

Tyler - May 2026 Featured Member

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

Recent Discussions

F5 Send email and snmp trap from LTM log event

shame on f5

Dynamic import of data groups

ASM allow specific url from outside country of geolocation ON

AWAF Detection Inconsistency Between Similar Test Payloads

Related Content

Understanding IPSec IKEv2 negotiation on Wireshark

Understanding IPSec IKEv1 negotiation on Wireshark

Integrating External Connectors in Distributed Cloud: IPSec, BGP, & Routing Policy with AWS & Cisco

Passthrough IPSec with AFM

BIG-IP to Azure Dynamic IPsec Tunneling

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS