Forum Discussion

James_Rey_18035's avatar
James_Rey_18035
Icon for Nimbostratus rankNimbostratus
Mar 17, 2016

Establish IPSec VPN with F5 Big-IP and Fortigate 30C.

Our primary requirement is to establish IPSec VPN with our F5 Big-IP 5050 on our DataCenter to Fortigate 30C on our branches across the globe.

 

Question 1. We haven't successfully done the configuration with both using Static IP. What is the right configuration? 2. Is F5 capable on establishing IPSec VPN to Fortigate 30C's via Dynamic IP? 3. Is F5 capable on establishing IPSec VPN to Fortigate 30C's via Dynamic DNS? 4. What are other method we can establish VPN from F5 to Fortigate 30C?

 

Help.

 

  • zeiss_63263's avatar
    zeiss_63263
    Historic F5 Account

    Based on the provided information there would be no way to tell what the "right configuration" is. Generally, the user picks the preferred cipher / transform set and configures phase1 and phase2 on both devices accordingly.

     

    1. Is F5 capable on establishing IPSec VPN to Fortigate 30C's via Dynamic IP?
    2. Is F5 capable on establishing IPSec VPN to Fortigate 30C's via Dynamic DNS?

    No. An enhancement request for DNS support on IPsec objects does exist (ID591205 "Support FQDN on policy endpoint addresses"). Whether the address is "dynamic" means nothing in this context as long as the FQDN is the same, but there have been very few customer requests for this.