Simple BIG-IP to BIG-IP, On-prem to Public Cloud IPsec Configuration Guide

  Hybrid infrastructure models are nothing new, they just happen to be the reality that most enterprises find themselves in today. Whether it’s compliance/data security that necessitates splitting...
Published Apr 10, 2019
Version 1.0
AWS
Azure
cloud
dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Mar 12, 2020

Hi Ryan,

I wonder if it's possible to create IPSec VPN from BIG-IP directly to remote servers (configured as Pool Members on BIG-IP). SO setup like that:

  1. Standard typ VS with IP set as Destination (not wildcard or network) - clients in internal network will use this IP to reach Pool Members (PM), so BIG-IP Self IP is not used as gateway on clients
  2. VS has Pool attached with let's say two PMs
  3. SNAT Automap is used for VS
  4. Traffic to each PM should be protected with IPSec - so Remote Endpoint would be IP of PM (or target server)
  5. IPSec should be initiated to each of PM (servers) by BIG-IP

Is above config possible or not really?

Thanks in advance,

Piotr