VPN IPsec through F5 LTM

Question

Hello folks:&nbsp;I need your kind help for a design considering the following scenario:&nbsp;Nowadays, I have a firewall that is managing a public segment 200.200.200.0/24 and it is using the 200.200.200.10 to perform two actions: 1) to establish VPN IPsec tunnels towards many other IPsec peers in the internet, and 2) to take out users navigation traffic from the internal network.&nbsp;I need to displace the firewall so the LTM can manage the public segment. How could achieve this? I need to use the LTM to allow the users navigation and to let  pass (passthrough) the VPN IPsec traffic. For the first thing, I think I need a SNAT with  200.200.200.10 as the translation address, but I am not sure about how to treat the VPN IPsec traffic. Do I need special virtual servers to achieve that? Do you think I will have troubles or conflicts because I only have one IP to do both things?&nbsp;Thanks folks..!&nbsp;Regards&nbsp;Jorge

andrew-f5 · Answer

Jorge,&nbsp;You should be able to accomplish this with an IP forwarding or FastL4 virtual server but be sure to follow K14169 to disable the necessary DB variable.&nbsp;K7595: Overview of IP forwarding virtual serversK14169: Passing IPsec ESP traffic through an IP forwarding virtual server&nbsp;Best,Andrew

Forum Discussion

VPN IPsec through F5 LTM

Recent Discussions

SNI Sites not taking correct certificate.

How to Renew F5 Device Certificate

irule to enable http/2 acceleration

Service discovery is not happening in AS3

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

Related Content

Understanding IPSec IKEv2 negotiation on Wireshark

Understanding IPSec IKEv1 negotiation on Wireshark

Passthrough IPSec with AFM

BIG-IP to Azure Dynamic IPsec Tunneling

SSL VPN Split Tunneling and Office 365

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS