IPSec with BIG-IP as end point questions
It is good F5 decided to support this a while ago, but the documentation could be a little better. Now it is some general remarks and then one example.
My main question is about the "forwarding virtual server for IPsec". In the example this is created as a virtual server that pretty much picks up all traffic on all VLANs (and tunnels). Is that really needed? Can't it be configured less extreme? If so, what is needed?
Next to that, there is a reference to "The default VLANs" internal and external. Are those as such required? Won't it work with other names?
In some of the guide the need for self IPs disappears and only management is needed. Can you use the management IPs as the end point IP, or must it be a self IP?
And nowhere can I find anything about IPSec in a cluster environment. Anything to keep in mind?