iRule to block IPSEC outbound responses

Question

Hello friends,&nbsp;
Due to I am having asymmetric traffic which does not allow a VPN IPSEC tunnel to be established, I need to to block IPSEC tunnel initiation by a peer VPN behind the BIG-IP. I think that the easiest way would be an irule triggered in CLIENT_ACCEPTED to drop the connections.&nbsp;
Anyone could recommend me any way to design such irule?&nbsp;
Thanks in advance.&nbsp;
Regards&nbsp;
JM&nbsp;

the_bhattman · Answer

Hi JM,
   Yes you could.  There is a command called (IP::protocol) which returns the protocol value.  This value can identify components in the VPN like ESP, AH along with UDP protocol port IKE
Thus you could have the following: 
when CLIENT_ACCEPTED  {
    if {[IP::protocol] == 50 || [IP::protocol] == 51 || [UDP::local_port] == 500}  {
         drop
       }
}

I hope this helps
-=Bhattman=-

Forum Discussion

iRule to block IPSEC outbound responses

1 Reply

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Introduction of Incident Response

iRule to take cookie from HTTP Response into HTTP Request via table

custom response page for api

Unique Identifier for irules Http response

irule replace and modify uri and response