I need your kind help for a design considering the following scenario:
Nowadays, I have a firewall that is managing a public segment 184.108.40.206/24 and it is using the 220.127.116.11 to perform two actions: 1) to establish VPN IPsec tunnels towards many other IPsec peers in the internet, and 2) to take users' navigation traffic out of the internal network.
I need to displace the firewall so the LTM can manage the public segment. How could I achieve this? I need to use the LTM to allow the users' navigation and to let the VPN IPsec traffic pass through (passthrough). For the first thing, I think I need a SNAT with 18.104.22.168 as the translation address, but I am not sure about how to treat the VPN IPsec traffic. Do I need special virtual servers to achieve that? Do you think I will have trouble or conflicts because I only have one IP to do both things?
You should be able to accomplish this with an IP forwarding or FastL4 virtual server, but be sure to follow K14169 to disable the necessary DB variable.
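One way to put that answer into tmsh, as an added example that is not from the thread or from F5. The VLAN names, the user network, the object names and the DB variable name are assumptions stated in the comments; the thread does not settle whether one address can serve as both SNAT translation and IPsec endpoint, so this keeps the IPsec endpoint on its own address behind the LTM.

```tmsh
# Added example, not from the thread. Assumptions: user LAN is 10.0.0.0/8
# (constructed), VLANs are named "internal" and "external", the IPsec
# endpoint keeps its own address behind the LTM and the LTM routes the
# public /24 toward it, so ESP/IKE packets are forwarded, never translated.

# 1) Outbound web traffic: SNAT only the user networks, only on the
#    internal VLAN, so VPN traffic is never source-translated.
create ltm snat snat_user_egress \
    origins add { 10.0.0.0/8 } \
    translation 18.104.22.168 \
    vlans add { internal } vlans-enabled

# 2) IPsec passthrough: a wildcard IP-forwarding virtual server with
#    ip-protocol any, so ESP (IP protocol 50, no ports) matches as well
#    as IKE (UDP 500) and NAT-T (UDP 4500). No SNAT on this path.
create ltm virtual vs_ipsec_fwd \
    destination 0.0.0.0:any mask any \
    ip-protocol any ip-forward \
    source-address-translation { type none } \
    vlans add { external internal } vlans-enabled

# Alternative (the FastL4 option): a standard virtual on the public IP
# with a pool holding the endpoint's private address (pool name assumed),
# when destination translation is wanted instead of plain forwarding.
#   create ltm virtual vs_ipsec_fastl4 destination 220.127.116.11:any \
#       ip-protocol any profiles add { fastL4 } \
#       pool pool_ipsec_endpoint translate-port disabled \
#       source-address-translation { type none }

# 3) The DB variable K14169 refers to (taken here to be
#    ipsec.if.checkpolicy; confirm against the article). Left enabled,
#    the BIG-IP checks inbound IPsec packets against its own IPsec
#    policies and drops those that match none.
modify sys db ipsec.if.checkpolicy value disable

save sys config

# Check: passthrough flows should list the peer's address unchanged on
# both the client and server side of the connection.
show sys connection cs-client-addr <peer-ip>
```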