Forum Discussion
Harris_Hassan_3
Nimbostratus
May 09, 2008
VPN connection behind F5 Link controller
Hi,
Just wondering, has anyone done a VPN termination which terminates on a firewall behind an F5 Link Controller? Having some issues establishing a tunnel despite NAT'ing the Firewa...
bruce_p_11387
Nimbostratus
Aug 27, 2008
Posted By kky on 05/12/2008 6:46 PM
I do have a few customers using Link Controller to front the VPN gateway.
In order for VPN to work behind Link Controller, we need to make sure the VPN gateway works behind the NAT device. I believe most current firewalls should support this.
For incoming traffic
----------------------------------
1. Create a VS with port 0 and associate it with the firewall_pool. Select performanceL4 and select All protocol.
2. Create a VS with port 500 and associate it with the firewall_pool_500. This is for IKE traffic. Select performanceL4 and select All protocol.
For VPN outgoing traffic
------------------------------
To my understanding we cannot load balance VPN traffic; what we can do is provide failover if the primary link is down. To do VPN outbound LB:
1. Create a vpn_gateway_pool with one of the links at higher priority.
2. Create a vpn_wildcard_vs on port 500 and associate it with vpn_gateway_pool.
3. Create a snat_pool with the VPN public IP addresses as snat pool members.
Regards,
KY
Would you have to do this for every IPSEC tunnel you have, or would you do this just once per firewall on your public address space (i.e. one for fw 192.168.1.1 & once for 192.168.1.2)?