Forum Discussion

Cirrus

Nov 21, 2015

Configure F5 for IPsec VPN as pass through

Hello, We wish to implement the IPsec VPN via F5. The traffic flow as, Client(windows mobile) --> Internet --> Firewall --> LTM(one armed mode, SNAT) --> Microsoft TMG. When we try to ...

Historic F5 Account

Jul 26, 2016

As a postscript to this thread: the ipsec.lookupspi is only of relevance when the data flow happens as ESP in IP and not ESP in UDP port 4500 (in IP). When NAT is detected, the IPsec peers should switch to UDP port 4500 and the ESP once the tunnel is established will be encapsulated in UDP.

In such a scenario ipsec.lookupspi is of no relevance because the connection flow characteristics are set up based on the IP/UDP data.

In the scenario that Kannan has proposed, SNAT is supported on the Virtual Server (make sure it is a forwarding Virtual Server), however that also guarantees that the float to UDP port 4500 will happen and so ipsec.lookupspi is redundant in this scenario.

Forum Discussion

Configure F5 for IPsec VPN as pass through

Recent Discussions

Ngingayitsengaphi Imali Mgunyati?(WhatsApp+33745432312)

Waar kan ik vals geld kopen? (WhatsApp+33745432312)

Acquistare banconote contraffatte?(Telegram.@tesgkm)

APM combine check for ldap group plus IP ACL

Error in REST https call to get the Auth token v15.1.8

Related Content

Understanding IPSec IKEv2 negotiation on Wireshark

Understanding IPSec IKEv1 negotiation on Wireshark

Passthrough IPSec with AFM

Bgp inside ipsec tunnel

BIG-IP to Azure Dynamic IPsec Tunneling