Forum Discussion

mr_evil_116524
Jan 06, 2014

Question about IPSEC

Hi Guys,

 

I am having an issue with IPSEC between F5 and CISCO ASA. IPSEC is working; however, when IPSEC is down, i.e. there is no traffic between the two systems, and I try to bring up the tunnel from the CISCO ASA end via ping or telnet, it does not bring up the tunnel. However, when I try to ping from F5 to the CISCO ASA end, it works fine and brings up the tunnel. And of course now I am able to ping from the CISCO end to F5.

 

I do remember this happening, but it was fixed at the CISCO ASA end, but I cannot remember. Does anyone here know or has anyone experienced this issue before?

 

Thanks,

 

3 Replies

  • Hi,

     

    Try to put some traffic from behind the Cisco ASA to the F5. Also, check carefully the configuration in the ASA. There are many possibilities; most of them can be resolved by checking the configuration file, doing some comparisons and checking the IPSec configuration with the SDM tool.

     

    In the BIG-IP the config is very straightforward.

     

  • Hi, check your access-list, which is used in the crypto map. I think the "ping" from the ASA interface isn't described in it.

     

  • Thanks guys, it appears that under traffic selector you have an option where you can define a host or network. However, what I did, since I need to go out from ONE HOST to a network, was host for source and network for destination.

     

    So when I changed it to network for source and network for destination, it started to work. However, this is the weird part: I had two traffic selectors using the same IPSEC policy, and they were host for source and network for destination; one was working and the other wasn't.

     

    I don't know whether F5 only allows you to do host to host and network to network ..... does anyone know?

     

    No changes were made to forwarding VIP....
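
Added example, not part of the thread: a small Python check that compares one peer's traffic selector with the other peer's selector reversed, and reports per side whether it is an exact match, narrower or wider. The addresses and the ASA-side selector are constructed for illustration, and the expectation that both peers carry mirror-image selectors is an assumption, not something confirmed in the thread.

```python
import ipaddress

# Constructed sample selectors as (source, destination); not taken from the thread.
F5_HOST_SELECTOR = ("10.1.1.10", "192.168.50.0/24")     # host source, network destination
F5_NET_SELECTOR = ("10.1.1.0/24", "192.168.50.0/24")    # network source, network destination
ASA_SELECTOR = ("192.168.50.0/24", "10.1.1.0/24")       # hypothetical peer-side selector


def parse(selector):
    """Return (source, destination) as networks; a bare address becomes a /32."""
    src, dst = selector
    return ipaddress.ip_network(src), ipaddress.ip_network(dst)


def relation(mine, theirs):
    """Describe how our network relates to the one the peer expects."""
    if mine.version != theirs.version:
        return "disjoint"
    if mine == theirs:
        return "match"
    if mine.subnet_of(theirs):
        return "narrower"
    if theirs.subnet_of(mine):
        return "wider"
    return "disjoint"


def compare(local_selector, peer_selector):
    """Compare our selector with the peer's selector reversed (its mirror image)."""
    local_src, local_dst = parse(local_selector)
    peer_src, peer_dst = parse(peer_selector)
    return {
        "source": relation(local_src, peer_dst),       # our source is the peer's destination
        "destination": relation(local_dst, peer_src),  # our destination is the peer's source
    }


def is_mirror(local_selector, peer_selector):
    """True only when both sides of the selector match exactly."""
    return set(compare(local_selector, peer_selector).values()) == {"match"}


if __name__ == "__main__":
    for name, sel in (("host->network", F5_HOST_SELECTOR), ("network->network", F5_NET_SELECTOR)):
        print(name, compare(sel, ASA_SELECTOR), "mirror:", is_mirror(sel, ASA_SELECTOR))
```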