Forum Discussion

Joe_P_117994
Jun 19, 2014

IPSec tunnel for AD authentication traffic.

I'm needing to tunnelize AD authentication traffic from F5 BigIP in our DMZ to AD servers residing inside the network server farm. Security policy requires me to tunnelize and encrypt this traffic. I've read:

http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-implementations-11-2-0/11.html

Can I use the same source IP address (float-IP on the interface) to create the tunnel as well as to act as source for the authentication traffic?

How to accomplish this configuration?

2 Replies

  • I think you should craft a virtual server for the Active Directory with a pool with the AD servers, adding an SSL server profile.

    • Joe_P_117994
      I realize I didn't supply full information. The authentication is needed from within an APM policy. The APM AAA selector allows for creation of a single DC, or for a defined pool of DCs. I've got the pool defined. However, I need to tunnelize the traffic that originates from that pool. I'm in the process of building tunnels in DEV/TEST. I think the tunnels will come up fine, I just can't see how to steer the "interesting" traffic down them, since they both originate from the same float address.
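As an added illustration (not part of this thread and not F5's own example), the mechanism the linked 11.x implementation guide uses to decide which packets a BIG-IP IPsec tunnel carries is the traffic selector: the IKE peer and IPsec policy define the tunnel between the two gateway addresses, and the selector's source/destination match is what "steers" interesting traffic into it, so the float IP can be both the tunnel endpoint and the selector's source address. All names, addresses and the pre-shared key below are constructed placeholders, and the attribute names and algorithm values follow the 11.x guide; verify them against the release in use before applying.

```tmsh
# Constructed placeholders: 192.0.2.10 is the BIG-IP floating self IP in the DMZ,
# 198.51.100.1 is the IPsec gateway in front of the server farm, and
# 10.10.10.0/24 is the subnet holding the domain controllers in the APM AAA pool.

# Phase 1: IKE peer for the remote gateway, both sides identified by address.
create net ipsec ike-peer ad_gw_peer \
    remote-address 198.51.100.1 \
    my-id-type address my-id-value 192.0.2.10 \
    peers-id-type address peers-id-value 198.51.100.1 \
    phase1-auth-method pre-shared-key preshared-key PLACEHOLDER_PSK \
    phase1-encrypt-algorithm aes256 phase1-hash-algorithm sha256 \
    phase1-perfect-forward-secrecy modp2048

# Phase 2: tunnel-mode ESP policy between the two gateway addresses.
create net ipsec ipsec-policy ad_tunnel_policy \
    mode tunnel \
    tunnel-local-address 192.0.2.10 \
    tunnel-remote-address 198.51.100.1 \
    ike-phase2-encrypt-algorithm aes256 ike-phase2-auth-algorithm sha256 \
    ike-phase2-perfect-forward-secrecy modp2048

# Traffic selector: only packets from the float IP to the DC subnet are protected
# by the policy above; other traffic leaving the float IP is not tunneled.
create net ipsec traffic-selector ad_auth_ts \
    source-address 192.0.2.10/32 \
    destination-address 10.10.10.0/24 \
    ipsec-policy ad_tunnel_policy

save sys config
```

The selector only matches what the APM AAA lookups actually send, so confirm on the DEV/TEST unit which self IP those lookups are sourced from (floating or non-floating) and make the selector's source-address match it; a selector that is too narrow leaves the Kerberos/LDAP traffic in the clear, while one that is too broad can pull unrelated DMZ-to-farm traffic into the tunnel. After the selector is in place, check that security associations form and that the LDAP/Kerberos ports on the DCs are reached only through the tunnel, using the show net ipsec commands documented for the release.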