Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Balance IPsec tunnels from Big-IP to Azure

Hello community, hope you're fine!

I have something like a "yes" or "no" question for you guys.

We have a customer that has a DC in their HQ and a farm in Azure.

They have 1 uplink from HQ's DC to Azure, to access their servers through an IPsec VPN which is between a Cisco ASA to Azure's FW.

They want to add a second link, also with an IPsec VPN and they want to balance the traffic flowing through those 2 uplinks.

The first thing on our mind was, if we want to "active-active" load balance the traffic, we need to create the IPsec tunnels from the Big-IP against Azure. The client is 'OK' with that.

Now, in terms of documentation; I have found this 2 great articles with the step-by-step for creating an IPsec vs Azure.

article#1

article#2

From the latter I'm leaning that we CAN have 2 IPsec tunnels and apply "dynamic routing" and balance between those 2 uplinks. But I'm not 100% sure.

So, the BIG question(s) would be: Can we do that? Can we balance connections between 2 IPse tunnles created from LTM Big-IP against the same ending point in Azure?

Any other suggestions will be much appreciated!

Thanks in advanced.

0
Rate this Question

Answers to this Question