Link controlling vpn

Question

dears , kindly can f5 link controller works for SSL and ipsec vpn (both site 2 site and remote access) ?&nbsp;

stephanmanthey · Answer

Hi Hamza, 
Sorry for replying that late.&nbsp;
Link Controller itself does not provide the ability to terminate VPN tunnels.&nbsp;
For pure high availability of VPN services it may be used.&nbsp;
It´s probably easy in the case of SSL VPN because DNS name resolution is very likely involved (client tries to connect to a SSL VPN gateway by using it´s FQDN) and TCP/443 for transport.&nbsp;
It becomes more difficult with IPSec based VPN for several reasons:&nbsp;
1. Tunnel end points might be addressed directly via IP addresses (no DNS name resolution involved).&nbsp;
2. IPSec is using two protocols (ESP and UDP/500).&nbsp;
3. UDP-wrapping may be required to avoid NAT related issues (the Link Controller has to apply destination NAT on incoming packets and source NAT on outgoing packets).&nbsp;
4. The Link Controller has to be configured to apply SNAT to all IP traffic (by default only TCP and UDP based traffic is SNATed).&nbsp;
In the bottomline it can work in case you are considering the points above.&nbsp;
Happy new year, Stephan&nbsp;

Forum Discussion

Link controlling vpn

1 Reply

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Anchor Link Redirect

JWT authorization with NGINX Ingress Controller

APM VPN Bandwidth Controller iApp

Distributed caching of authentication requests with NGINX Ingress Controller

Crafting Secure Paths: The Intricacies of VPN Solutions on BIG-IP APM