Forum Discussion

Harris_Hassan_3's avatar
Harris_Hassan_3
Icon for Nimbostratus rankNimbostratus
May 09, 2008

VPN connection behind F5 Link controller

Hi ,     Just wondering , has anyone done a VPN termination which terminates on a firewall behind an F5 link Controller. Having some issues establishing a tunnel despite NAT'ing the Firewa...
config
design
kenny_keng_7131's avatar
kenny_keng_7131
Icon for Nimbostratus rankNimbostratus
Dec 11, 2008

Posted By keith_richards on 05/10/2008 7:41 AM

 

Yes, I have seen this working between Check Point Firewall-1 gateways - even works with path probing so the VPN can failover between ISPs. I think that you would be best sending IKE negotiation debug info to a Juniper forum and see if that shows up an issue. There isn't an inherent reason why an IPsec VPN can't work through Link Controllers.

 

To get the F5 to load balance IPSEC packets to and from the firewall you need to create Performance (Layer 4) type of virtual server and made sure that it was set to allow any protocol.

 

 

 

hi keith_richards,

 

 

we meet the same problem with checkpoint and F5 LC

 

our condition: LC has 2 wan link and do NAT job. Checkpoint outside interface use private ip address . we use static NAT ip address at VPN setup in checkpoint.

 

it can be working ,but can not failover.

 

as you mentioned : even works with path probing so the VPN can failover between ISPs.

 

could you please share you configure about checkpoint vpn Configure ?

 

 

Thank you very much.