Forum Discussion
NimbostratusVPN Traffic through F5 BIG-IP
NimbostratusI might be able to give you some ideas as I have a lot trouble just to setup IPSEC tunnel, I take you you already have IPSEC tunnel between your site and external system? and you must have traffic selector which mean you know you are mapping your internal IP to remote internal once you do that you will need to create forward VIP with source remote internal IP to destination your internal IP. that should work.
BUT one thing to remember if you checkpoint it ONLY one server please do not make a mistake to put that IP as the destination IP, you must just that server as a pool. If you do not do this say for some reason your checkpoint server needed to be restarted and it does come backup it WILL NOT be able to assign the same IP as it is now used by F5. We had the same issue last week man it was a pain to figure it out but eventually I did.
I hope this helps.
Ralf_Schubert_1I'm not sure if i understand you right, do you mean the following? Let's assume the F5 has the public IP x.x.x.236 on which IPSec traffic should be accepted and forwarded. It also has the internal IP y.y.y.2. F5 now should forward the IPSec Traffic coming on x.x.x.236 to the internal checkpoint server at y.y.y.1. So you mean i create a virtual server with Forwarding (IP) mode, source x.x.x.236 and destination y.y.y.1? Are you sure that works? Or did i understand you totally wrong? Thanks for your help- mr_evil_116524Hello, may be we are talking about two things, when you say IPSEC did you create a IPSEC tunnel between your F5 and remote site? I am talking about peer IPs. In there you should have specified local and remote internal IPs? Please confirm, also see the following link : http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip_tmos_implementations_11_0_0/5.html
