Forum Discussion
Sito79
Nimbostratus
Jan 15, 2009
VPN Configuration Behind Link Controller
Hi,
Just wondering, has anyone done a VPN termination which terminates on a firewall behind an F5 Link Controller? I think that my configuration is OK but the IKE tunnel is always in MM_WAIT_...
JRahm
Admin
Jan 16, 2009
Port usage for NAT is tricky based on many factors, including whether your firewall is the initiator or the responder, or possibly both. You may need a default forwarder 0.0.0.0:0 outbound from your firewall-connected VLAN unless you know all your peer endpoints, but you might get by with 500/4500 UDP ports enabled in both directions. I doubt this will cover every scenario, however, because whereas a stateful firewall will build the chain to return a packet sourced to your allowed destination (in this case, 500/4500), the LTM will not.
