F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

BIG-IP to Azure Dynamic IPsec Tunneling

In one of my previous posts we took a look at configuring the BIG-IP to act as a site-to-site VPN tunnel endpoint for connecting on-premises environments with Azure.  At the time the BIG-IP only supp...
Published Dec 16, 2015
Version 1.0
BIG-IP
cloud
deployment
ipsec
LTM
microsoft
microsoft azure
Bhavin's avatar
Bhavin
Icon for Nimbostratus rankNimbostratus
Jul 14, 2019

In step 1, the PFS needs to be set to none to match Azure default settings. Otherwise the Phase 2 tunnel doesn't renew after it reaches its lifetime. I've been fighting this the past few days and with F5 support discovered that is the setting that's needed.

 

You can have multiple tunnels on the same float IP or self IP.