Forum Discussion

Nick_Matthews's avatar
Icon for Altostratus rankAltostratus
Nov 15, 2018

Load balance Windows 10 Always on VPN UDP

Hi all,


I have been tasked with trying to setup BigIP to pass traffic from a Windows 10 device using the native Always on VPN functionality which should be UDP 500 and 4500.


I thought it would just be a case of setting up a VS listening on all UDP ports (just for testing) to the RRAS Servers with an additional VS with a SNAT to allow traffic to flow back out to the client.


Unfortunately this doesn't work and all I see if a few connections hitting the UDP VS and nothing flowing back via the SNAT VS.


How is it best to troubleshoot this and are there any configuration guides I can follow as I don't have much experience of BigIP apart from basic VS setup and some iRules.


Any help would be appreciated.


4 Replies

  • I did setup 4 servers behind a BigIP VIP's successfully.

    I have 2 VIP's , one on UDP 500 and one UDP 4500

    I set it up using a FastL4 profile.



    We still have a problem with the monitoring, since we only check the UDP ports, and if something go wrong with the AO VPN servers, and the ports are still up, we still try to Load Balance to the broken server.



  • Hi,


    How do you configure the vservers for each port 500 and 4500. I saw on the blog that this vservers does not use SNAT. Should i configure the F5 as gateways of the Servers of the pool?



    • Fallout1984's avatar
      Icon for Cirrocumulus rankCirrocumulus

      I've read that if not using SNAT, then set the backend servers to use the F5 as the default gateway. That was in the comments section below the "Always On VPN IKEv2 Load Balancing with F5 BIG-IP" article on Richard M. Hicks's site. I've been asked about doing this, so I'm starting to learn about it as well.

      • mbrandon32's avatar
        Icon for Cirrus rankCirrus

        How are you IP'ing your backend servers? Single NIC on the F5 network? Or dual NICs - one on AOVPN network and one on F5 network?