LTM 13.0 Unable to create IPSec with traffic domain other than 0
Two F5 LTM VE systems, upgraded to 13.0.
The goal is to create an IPsec tunnel when the traffic selector is in a non-0 route domain. The IPsec tunnel works(ed) only with route domain 0.
There are:
1. Two interfaces: untagged External with a public Self IP, and tagged Internal with an RFC 1918 Self IP address
2. A VLAN on the tagged interface (just one for testing), created on both systems
3. Route domain 0 is associated with the public Self IP/external interface
4. Route domain 1 is associated with the private Self IP/VLAN
It is possible to ping both public IP and private IP for each system in the corresponding networks.
When creating the traffic selector and adding %1 (route domain ID) at the end of the source IP address, the following message is received:
01070734:3: Configuration error: Source address and destination address cannot be in different route domain
When adding %1 to both the source and destination IP addresses in the traffic selector, a different message is received:
01070734:3: Configuration error: Traffic selector (/Common/ZRHPAL_SEL) and IPsec policy (/Common/ZRHPAL_TUN) cannot be in different route domain
We are stuck here. Please help.
It worked without route domains, but we will need to use route domains and VLANs in the deployment.