Forum Discussion

AYDIN_NAIR_3157's avatar
AYDIN_NAIR_3157
Icon for Nimbostratus rankNimbostratus
Feb 05, 2019

DMVPN load balance issue.

  • Hi All, I will configured Cisco DMVPN load balancing on the BIG-IP LTM 14.1.0 version for tow many location.Our topoloji ( Remote site <--> MPLS <--> FW <--> Metro SW <--> F5 <--> Cisco 1002X ). An than i'm configured wildcard virtual server ( 1.1.1.1:* ) permit any port, any protocol, default source ip persistence profile and i use default fastL4 profile. when i configured one or two remote site via F5 LTM to Cisco 1002X it's running smoothly vpn connections and it's works good performans. But when i redirect all remote site via F5 LTM to Cisco 1002X all remote site vpn connections unstable. Do you have any idea or any best practice document?.
application delivery
BIG-IP
LTM
security

1 Reply

Sort By
  • AYDIN_NAIR_3157's avatar
    AYDIN_NAIR_3157
    Icon for Nimbostratus rankNimbostratus
    Feb 05, 2019

    • our configuration below.

       

    • ltm virtual /Common/IPSec_Vs_4500 {

       

    • auto-lasthop disabled
    • destination /Common/88.88.88.88:0
    • mask 255.255.255.255
    • persist {
    • /Common/IPSec_Source_Addr {
    • default yes
    • }
    • }
    • pool /Common/IPSec_Pool
    • profiles {
    • /Common/IPSec_FastL4 { }
    • }
    • source 0.0.0.0/0
    • translate-address disabled
    • translate-port disabled
    • }
    • ltm pool /Common/IPSec_Pool {
    • members {
    • /Common/192.168.1.1:0 {
    • address 192.168.1.1
    • }
    • /Common/192.168.1.2:0 {
    • address 192.168.1.2
    • }
    • /Common/192.168.1.3:0 {
    • address 192.168.1.3
    • }
    • /Common/192.168.1.4:0 {
    • address 192.168.1.4
    • }
    • /Common/192.168.1.5:0 {
    • address 192.168.1.5
    • }
    • }
    • monitor /Common/UDP_4500* }
    • ltm profile fastl4 /Common/IPSec_FastL4 {
    • app-service none
    • idle-timeout 300
    • mss-override 0
    • pva-acceleration full
    • reassemble-fragments disabled
    • reset-on-timeout enabled
    • }
    • ltm persistence source-addr /Common/IPSec_Source_Addr {
    • app-service none
    • map-proxies enabled
    • mask none
    • mirror disabled
    • timeout 180
    • } *