cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

VPN SSL Users migration

Marieme
Cirrus
Cirrus

Hi,

We have our F5 4000 platform that will be replaced.

we have on that platform 2000 VPN SSL users , and reverse proxy / Load balancer

I would like to have any idea for these migration.

Could we migrate all users at the same time? how can we process?

Public addresses also change for VIP how can we take in account this change.

Since new F5 will be install, could we export ucs config file and import it on the new one?

 

Thanks for your help and for your quick reply

 

Regards

1 ACCEPTED SOLUTION

Thank you very much for your helpful feeback and explanation.

I will apply your recommandation then and keep you posted.

 

Regards,

View solution in original post

6 REPLIES 6

Hi,

 

You can create a active/standby cluster of 4 BIG-IP's (old and new). Sync the configuration and do a failover to the new hardware.

Later you can remove the old hardware from the cluster.

Your users won't notice you did the failover (if the setup is done correctly).

 

Cheers,

 

Kees

Hi,

Thanks for your feedback. I did not mentionned it but the new cluster is on cloud Azure.

Should we proceed the same?

Regards

Hi,

 

No you did not. Then I would create the new cluster, ssl vpn configuration. Test it with a small group of testers and then migrate all users to the new solution. (DNS change).

I would not use a UCS backup, I would use parts of a SCF to create the virtual servers on the Azure hosted BIG-IP's.

 

Cheers

Thanks for this reply.

Without importing UCS, which way is the good one to import/ modify VIP configuration since pubic IP addresses change.

 

Regards

In Azure you can not configure a public IP on the BIG-IP. Only private IP's.

I would export the SSL VPN policy from APM. Install the same version of TMOS in Azure.

Take a SCF backup and extract the parts of the SSL VPN Virtual server. Modify the destination IP.

First import the Access Policy.

On the CLI in Azure perform a

tmsh load sys configure merge from-terminal

And past you virtual server configuration, end with Ctrl D

 

Cheers,

 

Kees

Thank you very much for your helpful feeback and explanation.

I will apply your recommandation then and keep you posted.

 

Regards,