Forum Discussion

Harris_Hassan_3's avatar
Harris_Hassan_3
Icon for Nimbostratus rankNimbostratus
May 09, 2008

VPN connection behind F5 Link controller

Hi ,     Just wondering , has anyone done a VPN termination which terminates on a firewall behind an F5 link Controller. Having some issues establishing a tunnel despite NAT'ing the Firewa...
config
design
kykong_107132's avatar
kykong_107132
Icon for Nimbostratus rankNimbostratus
May 13, 2008

 

I do have few customer using Link controller to front the VPN gateway.

 

In order for VPN to work behind Link Controller, we need to make sure the VPN gateway work behind the NAT device. I believe most of the current firewall should support this.

 

 

for incoming traffic

 

----------------------------------

 

1. create VS with port 0 and associate with the firewall_pool. select performanceL4 and select All protocol.

 

 

2. create VS with port 500 and associate with the firewall_pool_500. this is for IKE traffic.select performanceL4 and select All protocol.

 

 

 

for VPN outgoing traffic

 

------------------------------

 

to my understanding we cannot load balance VPN traffic, what we can do is provide failover if the primary link is down. to do VPN outbound LB,

 

 

1. create a vpn_gateway_pool with 1 of the link higher priority.

 

2. create a vpn_wildcard_vs port 500 and associate with vpn_gateway_pool.

 

3. create a snat_pool with VPN public IP addresses as snat pool members.

 

 

 

regards,

 

KY