Configuring IPSec with HA configuration

Question

I have a pair of F5 LTMs (HA) whihc I need to configure an IPSec tunnel to a 3rd party device. Is it possible to create the tunnel endpoint using the Floating SelfIP to provide a level of redundancy?

vandenhoutenp_9 · Answer

Hi there,&nbsp;
Yes it is. Presumably your devices are in an active/standby pair?&nbsp;
Thanks&nbsp;
Peter&nbsp;

nz_david_20489 · Answer

Yes the devices are active/standby.  So just to confirm, Are you saying that we can use a floating self IP.

domai · Answer

I think you should be able to use the floating self ip and set this up. Let me know how this goes please.&nbsp;

vandenhoutenp_9 · Answer

That's correct. With our setup we had the two devices configured with 192.168.0.1 and 192.168.0.2 with 192.168.0.3 being the floating IP address. For the traffic selector you obviously just need to ensure that your source address matches the floating IP address.

nz_david_20489 · Answer

FYI We have tested and using the floating IP works.  However (as expected) failover if failover occurs its not seemless&nbsp;

Forum Discussion

Configuring IPSec with HA configuration

6 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Certificate Expiry Email alert configuration

relocation cpu core on vcmp host the guest configuration back to default configuration

Re: LTM SYN Cookie Configuration

Stable point of Configuration " Rescue Point "

Declarative Onboarding / Configuration not or partially deployed and configuration deletion