Forum Discussion

Mohammed_M_Irfa
Oct 01, 2018

IPSec VPN Tunnel between routers via F5 LTM

Hi Folks,

Need your help configuring the F5 LTM to form an IPSec VPN tunnel between routers (a client-end router and a load-balanced VPN router) using F5 LTM appliances in HA.

Scenario:

Client from branch-01 --> vlan-id: X --> F5-LTM --> vlan-id: Y --> VPN Routers.

We have 3 VPN routers and need to load balance traffic across them using the F5-LTM, with respect to clients.

Once the LTM selects any one available VPN router, the IPSec tunnel should be formed between the client router and the selected VPN router.

The VIP IP address should be from the same subnet as the VPN routers; both vlan-id: X and Y share the same IP subnet.

Consider IP subnet 10.x.x.x/24: VPN-router-01: 10.x.x.1, VPN-router-02: 10.x.x.2, VPN-router-03: 10.x.x.3, VIP: 10.x.x.10

THANKS!

 

2 Replies

  • For load balancing IPSec VPN connections, I know this will work fine. You will need to use persistence to deal with re-connections, which would likely need to be source address or a custom universal persistence profile with an iRule.

    As for the Virtual Server address being on the same IP subnet as the VPN routers, this shouldn't be an issue as long as you do not have multiple Self-IP addresses on different VLANs that share the same subnet (unless you are using Route Domains, in which case even this is possible).

    • F5 VLAN Y Self IP addresses are on a different IP subnet than 10.x.x.x/24.
    • Ensure a route is added for the VPN router IP subnet via a gateway on VLAN Y (only required if the VPN routers are not on the same layer 2 connection as the F5).
    • Create Nodes and a Pool for the VPN routers.
    • Create the Virtual Server with destination IP (e.g. 10.x.x.254/32) and assign it only to VLAN X.
    • Ensure a route exists on the network for the Virtual Server address forwarding to the F5 floating Self-IP on VLAN Y.

    So you set up your F5 as needed, then add a host route on the network for the Virtual Server address to the front-facing VLAN, VLAN X.

    1. I would start with a Standard VS and ensure it is working first. Later you can change to Performance Layer 4.

    2. -

    3. Yes, under the pool set the pool members' service port to * (Any/All Services), then for the Virtual Server set the Service Port to also be * (Any/All Ports).

    4. A host route is just a route for a /32 or a single IP address. Not knowing your network setup, you may not need this. Basically you need to ensure client connection requests to the Virtual Server address are routed to the F5 VLAN X.
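The bullet list in the reply, written out as a tmsh configuration so the pieces (self IPs, route, pool with wildcard port, VLAN-restricted wildcard virtual server, source-address persistence) can be seen together. This is an added example, not the poster's, the replier's or F5's own configuration: every object name, interface number and address is a constructed placeholder. 10.0.0.0/24 stands in for the 10.x.x.x/24 subnet in the question, 10.0.0.254 is the virtual server address suggested in the reply, and 192.0.2.0/24 (VLAN Y) and 198.51.100.0/24 (VLAN X) are invented self-IP subnets chosen so that no self IP shares the VPN routers' subnet.

```tmsh
# Added example (not from the thread). All names, interfaces and addresses are
# constructed placeholders; 10.0.0.0/24 stands for the question's 10.x.x.x/24.

# VLAN X faces the branch clients, VLAN Y faces the three VPN routers.
create net vlan vlan_x interfaces add { 1.1 }
create net vlan vlan_y interfaces add { 1.2 }

# Self IPs on both VLANs sit outside 10.0.0.0/24, as the reply requires, so the
# virtual address 10.0.0.254 does not collide with a self-IP subnet. The
# floating addresses belong to traffic-group-1 and move with the active HA unit.
create net self self_vlan_x address 198.51.100.2/24 vlan vlan_x allow-service none
create net self float_vlan_x address 198.51.100.3/24 vlan vlan_x traffic-group traffic-group-1 allow-service none
create net self self_vlan_y address 192.0.2.2/24 vlan vlan_y allow-service none
create net self float_vlan_y address 192.0.2.3/24 vlan vlan_y traffic-group traffic-group-1 allow-service none

# Route to the VPN routers' subnet via a gateway on VLAN Y (192.0.2.1 is a
# placeholder). The reply notes this is only needed when the routers are not
# on the same layer 2 segment as the F5.
create net route rt_vpn_routers network 10.0.0.0/24 gw 192.0.2.1

# Nodes and pool. Service port "any" (port 0) lets one pool member carry IKE
# (UDP 500/4500) and ESP (IP protocol 50) alike; gateway_icmp marks a router
# down when it stops answering ping.
create ltm node vpn_router_01 address 10.0.0.1
create ltm node vpn_router_02 address 10.0.0.2
create ltm node vpn_router_03 address 10.0.0.3
create ltm pool pool_vpn_routers monitor gateway_icmp \
    members add { vpn_router_01:any vpn_router_02:any vpn_router_03:any }

# Wildcard virtual server on VLAN X only. ip-protocol any with the fastL4
# profile forwards every protocol; source_addr persistence keeps a branch
# router's IKE and ESP on the same VPN router and survives re-connections.
# No SNAT, so the VPN routers see the branch router's real source address.
create ltm virtual vs_ipsec_routers destination 10.0.0.254:any ip-protocol any \
    profiles replace-all-with { fastL4 } pool pool_vpn_routers \
    persist replace-all-with { source_addr } \
    vlans-enabled vlans replace-all-with { vlan_x } \
    source-address-translation { type none }

save sys config
```

Run these on the active unit and sync the device group. The /32 host route for 10.0.0.254 that the reply describes lives on the upstream network, not on the F5, so it is not part of this block. Because address translation is off, the VPN routers must send their return traffic back through the F5 (their route toward the branch subnets has to point at the floating self IP on VLAN Y or a gateway that reaches it), otherwise the reverse translation to 10.0.0.254 never happens and the tunnel will not come up. The block uses the fastL4 profile, which corresponds to the Performance (Layer 4) virtual server the reply names as the end state.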