Forum Discussion
Multiple IPSec tunnels to the same remote peer
Hello,
The remote peer is a SASE cloud vendor, so I cannot control it. They have PoPs all over the world and we have to connect to the closest one because of latency.
The 1 Gbps limit is the maximum performance per tunnel according to the cloud vendor's documentation. I guess that they have multiple IPsec terminators (with 1 Gbps capacity each) behind the same public IP, because NAT-T is required.
In our scenario, the traffic selector is set to 0.0.0.0/0 in source and destination because the purpose is to route navigation traffic to inspect and filter it in this cloud solution.
ESP is not really connectionless for the endpoints, because all ESP packets have to match a session with its encryption, authentication and integrity, right? But yes, for the inline devices it is connectionless.
For example, I have created this type of scenario with Cisco routers or Palo Alto firewalls by creating 2 IKE peers and using the same IPs on both endpoints. You only have to specify different identifiers (FQDNs, for example) for each IKE peer.
The problem I have with F5 is that I cannot even create 2 IKE peers with the same remote address.
Regards
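For comparison, here is what the "two IKE peers to the same remote address, distinguished only by identity" setup described in the post looks like on a stack that allows it. This is an added example in strongSwan swanctl.conf syntax; it is not F5 configuration, not the poster's own config, and not taken from any vendor's documentation. The addresses, FQDNs and pre-shared keys are placeholders, and the XFRM interface IDs (`if_id_in`/`if_id_out`) are an assumed route-based design for keeping two tunnels with identical 0.0.0.0/0 selectors apart.

```conf
# Added example (not from the original post or from F5): strongSwan swanctl.conf
# with two IKEv2 SAs to the SAME remote peer address. The peer tells the two
# tunnels apart by the IKE identity (IDi) we send, not by our source address.
# 198.51.100.10 / 203.0.113.5 / *.example.com are placeholder values.
connections {
    sase-tunnel-1 {
        version = 2
        local_addrs  = 198.51.100.10
        remote_addrs = 203.0.113.5
        encap = yes                       # force UDP/4500 NAT-T encapsulation
        proposals = aes256-sha256-ecp256
        local {
            auth = psk
            id = tunnel1.example.com      # distinct local identity per tunnel
        }
        remote {
            auth = psk
            id = 203.0.113.5              # same peer identity for both tunnels
        }
        children {
            sase-1 {
                local_ts  = 0.0.0.0/0     # route all traffic into the tunnel
                remote_ts = 0.0.0.0/0
                mode = tunnel
                esp_proposals = aes256gcm16-ecp256
                if_id_in  = 1             # bind this CHILD_SA to XFRM iface ipsec1
                if_id_out = 1             # (assumption: route-based steering)
                start_action = start
            }
        }
    }
    sase-tunnel-2 {
        version = 2
        local_addrs  = 198.51.100.10      # same local address ...
        remote_addrs = 203.0.113.5        # ... and same remote address as tunnel 1
        encap = yes
        proposals = aes256-sha256-ecp256
        local {
            auth = psk
            id = tunnel2.example.com      # only the identity differs
        }
        remote {
            auth = psk
            id = 203.0.113.5
        }
        children {
            sase-2 {
                local_ts  = 0.0.0.0/0
                remote_ts = 0.0.0.0/0
                mode = tunnel
                esp_proposals = aes256gcm16-ecp256
                if_id_in  = 2             # second XFRM iface ipsec2
                if_id_out = 2
                start_action = start
            }
        }
    }
}

secrets {
    # PSKs are selected by (local id, remote id); the local FQDN keeps them apart.
    ike-tunnel1 {
        id-1 = tunnel1.example.com
        id-2 = 203.0.113.5
        secret = "replace-me-tunnel1"
    }
    ike-tunnel2 {
        id-1 = tunnel2.example.com
        id-2 = 203.0.113.5
        secret = "replace-me-tunnel2"
    }
}
```

Two practical notes on this design. First, with identical 0.0.0.0/0 selectors on both CHILD_SAs, kernel policy lookup alone cannot choose a tunnel, which is why each child is pinned to its own XFRM interface (`ip link add ipsec1 type xfrm dev eth0 if_id 1`, likewise `ipsec2` with `if_id 2`) and traffic is spread with an ECMP default route over `ipsec1` and `ipsec2`; ESP packets arriving from the peer are still demultiplexed correctly because each inbound SA has its own SPI. Second, after `swanctl --load-all`, `swanctl --list-sas` should show two IKE_SAs to 203.0.113.5 with different local identities and different SPIs; if the peer rejects the second IKE_SA, it is keying on address rather than identity and this approach will not scale past one tunnel regardless of the local platform.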