For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

cawong23_136311's avatar
cawong23_136311
Icon for Altostratus rankAltostratus
9 years ago

Site to site ipsec vpn pass through Link Controller

Hi all,   Recently I need to configure LC to pass through site to site ipsec vpn traffic, I have checked f5 and devcentral resources but there are no detailed configuration or manual talking abou...
BIG-IP
LTM
security
tira_li_302756's avatar
tira_li_302756
Icon for Nimbostratus rankNimbostratus
9 years ago

Hi Leonardo,

 

I recently have met the similar situation, here is the info: user -- checkpoint -- LC-- Internet -- checkpoint -- Other site users I have created the VS with destination VPN public IP、pool CP private IP with all protocol; VS with outbound 0.0.0.0、pool pool_gateway with all protocol. Through wireshark, phase I has been established, however there were no phase II packets. From CP, we always see the error that the pre-share-key mismatch even the key is so the same. CP TAC suggest that we deleted all VS and just created a NAT on NAT list in LC, that can work. However we just want to use VS to narrow down the public IP with related port in order to avoid attack, so any suggestion? thx in advance

 

Leonardo_Souza's avatar
Leonardo_Souza
Icon for Cirrocumulus rankCirrocumulus
9 years ago

SNAT default setting is to allow only TCP and UDP. Check the setting in System -> Configuration -> Local Traffic -> SNAT Packet Forwarding.