Setup site-to-site IPsec tunnel for single BigIP partition

I am trying to setup a VPN between our on-premise environment and Microsoft Azure. The information is pretty straightforward and it should be quite easy. The only odd thing is that our external VIP is only available within a partition in the BigIP configuration and does not reside in /Common unlike all the examples.

Whenever I create a single IPsec IKE Peer under the administrative partition and set the remote address (leaving any other configuration untouched), the racoon service restarts. I find the following errors in the racoon log file:

2017-06-21 10:57:54: INFO: Reading configuration from "/etc/racoon/racoon.conf"
2017-06-21 10:57:54: ERROR: getaddrinfo(13.94.240.25%100,500): Name or service not known
2017-06-21 10:57:54: ERROR: fatal parse failure.
2017-06-21 10:57:54: ERROR: failed to parse configuration file.
2017-06-21 10:57:56: INFO: Reading configuration from "/etc/racoon/racoon.conf"
2017-06-21 10:57:56: ERROR: getaddrinfo(13.94.240.25%100,500): Name or service not known
2017-06-21 10:57:56: ERROR: fatal parse failure.
2017-06-21 10:57:56: ERROR: failed to parse configuration file.
2017-06-21 10:58:08: INFO: Reading configuration from "/etc/racoon/racoon.conf"
2017-06-21 10:58:08: ERROR: getaddrinfo(13.94.240.25%100,500): Name or service not known
2017-06-21 10:58:08: ERROR: fatal parse failure.
2017-06-21 10:58:08: ERROR: failed to parse configuration file.
2017-06-21 10:58:10: INFO: Reading configuration from "/etc/racoon/racoon.conf"
2017-06-21 10:58:10: ERROR: getaddrinfo(13.94.240.25%100,500): Name or service not known
2017-06-21 10:58:10: ERROR: fatal parse failure.
2017-06-21 10:58:10: ERROR: failed to parse configuration file.

The same thing happens if I create an IPsec Traffic Selector with our internal network:

2017-06-21 10:58:19: INFO: Reading configuration from "/etc/racoon/racoon.conf"
2017-06-21 10:58:19: ERROR: getaddrinfo(10.0.0.0%100,0): Name or service not known
2017-06-21 10:58:19: ERROR: fatal parse failure.
2017-06-21 10:58:19: ERROR: failed to parse configuration file.
2017-06-21 10:58:21: INFO: Reading configuration from "/etc/racoon/racoon.conf"
2017-06-21 10:58:21: ERROR: getaddrinfo(10.0.0.0%100,0): Name or service not known
2017-06-21 10:58:21: ERROR: fatal parse failure.
2017-06-21 10:58:21: ERROR: failed to parse configuration file.

100 is in this case the partition default route domain, but it seems it is not accepted?

Am I missing something or is it simply not possible to create an IPsec tunnel from any other partition but the default one; /Common?

Version: BIG-IP 11.5.4 Build 4.0.313 Hotfix HF4

application delivery

Azure

LTM

Forum Discussion

Setup site-to-site IPsec tunnel for single BigIP partition

Recent Discussions

Need help on i-rule to specific uri path

Reverse Proxy Not Behaving

F5 terminal - help to run commands - disk space full

vulnerabilities-CVE-2020-16150 & CVE-2013-0169

google autenticator broken barcode

Related Content

Redirecting to an external site when the internal site is down

When using F5 Distributed Cloud Platform, never deal with Site to Site IP conflicts again!

Use F5 Distributed Cloud to Connect Apps Running in Multiple Clusters and Sites

How To Protect Your Applications from Cross Site Request Forgery (CSRF) with F5 Distributed Cloud

How to block web site technologies information with ASM/Advance WAF