Forum Discussion

5 Replies

  • would you like to terminate IPSec traffic at BIG-IP, or to IPSec traffic will pass-through BIG-IP ?

     

    • wwalla_99196's avatar
      wwalla_99196
      Icon for Nimbostratus rankNimbostratus
      Ipsec traffic will terminate on the f5 with an asa on the inside passing the traffic to the inside core. Imagine our 4k ltm/gtm dual isp vpn tunnels terminating at a 3rd party site. We would like our outbound connections to this 3rd party site to be load balanced or at least failover to the 3rd party.
  • Also there is a white paper it might help http://preview.f5networks.net/pdf/white-papers/microsoft-direct-access-white-paper.pdf

     

  • I am in a similar situation. I have 2 ipsec tunnels over different carriers terminated by bigip and cisco asa. With the traffic-selector abstraction, there does not seem to be a way to monitor and score tunnels for an active/standby configuration or load balancing. I have not been able to successfully use "ipsec-policy" "mode interface". Any recommendation would be greatly appreciated.