Forum Discussion
Multiple IPSec tunnels to the same remote peer
I don't think the routing would be an issue. My idea was to use IPSec interfaces with a /30 so, for example:
Tunnel1-self-ip: 10.0.0.1/30
Tunnel1-self-ip: 10.0.0.5/30
Next step would be to create a pool with the following nodes:
Tunnel1-node: 10.0.0.2
Tunnel2-node: 10.0.0.6
Creating a fastL4 virtual-server with this pool and disabling address and port translation should do the routing job. Also, I could assign persistences, iRules, etc. to handle the traffic over the two tunnels. Remember that the traffic destination is the internet, so it could be any public IP.
This scenario works fine, but the problem is that I cannot create two IPSec peers to the same destination IP.
The scenario you mentioned with multiple ISPs connected to the F5 is a very good example. I could need two tunnels for redundancy if I have two different ISPs.