VPN IPsec through F5 LTM

Question

Hello folks:&nbsp;I need your kind help for a design considering the following scenario:&nbsp;Nowadays, I have a firewall that is managing a public segment 200.200.200.0/24 and it is using the 200.200.200.10 to perform two actions: 1) to establish VPN IPsec tunnels towards many other IPsec peers in the internet, and 2) to take out users navigation traffic from the internal network.&nbsp;I need to displace the firewall so the LTM can manage the public segment. How could achieve this? I need to use the LTM to allow the users navigation and to let  pass (passthrough) the VPN IPsec traffic. For the first thing, I think I need a SNAT with  200.200.200.10 as the translation address, but I am not sure about how to treat the VPN IPsec traffic. Do I need special virtual servers to achieve that? Do you think I will have troubles or conflicts because I only have one IP to do both things?&nbsp;Thanks folks..!&nbsp;Regards&nbsp;Jorge

andrew-f5 · Answer

Jorge,&nbsp;You should be able to accomplish this with an IP forwarding or FastL4 virtual server but be sure to follow K14169 to disable the necessary DB variable.&nbsp;K7595: Overview of IP forwarding virtual serversK14169: Passing IPsec ESP traffic through an IP forwarding virtual server&nbsp;Best,Andrew

Forum Discussion

VPN IPsec through F5 LTM

1 Reply

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Understanding IPSec IKEv2 negotiation on Wireshark

Understanding IPSec IKEv1 negotiation on Wireshark

Crafting Secure Paths: The Intricacies of VPN Solutions on BIG-IP APM

Passthrough IPSec with AFM

Bgp inside ipsec tunnel