Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

VPN SSL Users migration

Go to solution
Marieme
Cirrus
Cirrus

‎03-May-2021 05:55

Hi,

We have our F5 4000 platform that will be replaced.

we have on that platform 2000 VPN SSL users , and reverse proxy / Load balancer

I would like to have any idea for these migration.

Could we migrate all users at the same time? how can we process?

Public addresses also change for VIP how can we take in account this change.

Since new F5 will be install, could we export ucs config file and import it on the new one?

 

Thanks for your help and for your quick reply

 

Regards

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Marieme
Cirrus
Cirrus
In response to KeesvandenBos

‎10-May-2021 06:42

Thank you very much for your helpful feeback and explanation.

I will apply your recommandation then and keep you posted.

 

Regards,

View solution in original post

0 Kudos
6 REPLIES 6

Go to solution
KeesvandenBos
MVP
MVP

‎10-May-2021 05:08

Hi,

 

You can create a active/standby cluster of 4 BIG-IP's (old and new). Sync the configuration and do a failover to the new hardware.

Later you can remove the old hardware from the cluster.

Your users won't notice you did the failover (if the setup is done correctly).

 

Cheers,

 

Kees

0 Kudos

Go to solution
Marieme
Cirrus
Cirrus
In response to KeesvandenBos

‎10-May-2021 06:00

Hi,

Thanks for your feedback. I did not mentionned it but the new cluster is on cloud Azure.

Should we proceed the same?

Regards

0 Kudos

Go to solution
KeesvandenBos
MVP
MVP

‎10-May-2021 06:14

Hi,

 

No you did not. Then I would create the new cluster, ssl vpn configuration. Test it with a small group of testers and then migrate all users to the new solution. (DNS change).

I would not use a UCS backup, I would use parts of a SCF to create the virtual servers on the Azure hosted BIG-IP's.

 

Cheers

0 Kudos

Go to solution
Marieme
Cirrus
Cirrus
In response to KeesvandenBos

‎10-May-2021 06:20

Thanks for this reply.

Without importing UCS, which way is the good one to import/ modify VIP configuration since pubic IP addresses change.

 

Regards

0 Kudos

Go to solution
KeesvandenBos
MVP
MVP

‎10-May-2021 06:37 - last edited on ‎04-Jun-2023 20:54 by Fog

In Azure you can not configure a public IP on the BIG-IP. Only private IP's.

I would export the SSL VPN policy from APM. Install the same version of TMOS in Azure.

Take a SCF backup and extract the parts of the SSL VPN Virtual server. Modify the destination IP.

First import the Access Policy.

On the CLI in Azure perform a 

tmsh load sys configure merge from-terminal

And past you virtual server configuration, end with Ctrl D

Cheers,

Kees

0 Kudos

Go to solution
Marieme
Cirrus
Cirrus
In response to KeesvandenBos

‎10-May-2021 06:42

Thank you very much for your helpful feeback and explanation.

I will apply your recommandation then and keep you posted.

 

Regards,

0 Kudos
Copyright © 2023 Khoros, LLC