Manual Chapter : Common Elements for IPsec traffic selector tasks

Applies To:

BIG-IP AFM

  • 15.0.0, 14.1.0

BIG-IP ASM

  • 15.0.0, 14.1.0

BIG-IP AAM

  • 15.0.0, 14.1.0

BIG-IP APM

  • 15.0.0, 14.1.0

BIG-IP LTM

  • 15.0.0, 14.1.0

A traffic selector filters traffic based on the IP addresses and port numbers that you specify.
Perform this task on both BIG-IP systems.
  1. On the Main tab, click Network > IPsec > Traffic Selectors.
  2. On the Main tab, click Network > IPsec > Traffic Selectors.
    The Traffic Selector screen opens.
  3. Click Create.
    The New Traffic Selector screen opens.
  4. In the Name field, type a unique name for the traffic selector.
  5. In the Description field, type a brief description of the traffic selector.
  6. From the Order list, select the order in which you want the traffic selector to be used.
    Available selections are: Last, After, and Specify. If you choose Specify, then type a numeral, for example, 2.
  7. From the Configuration list, select Advanced.
  8. For the Source IP Address or CIDR setting, type an IP address.
    The IP address you specify should be the host or network address from which the traffic originates.
  9. For the Source IP Address or CIDR setting, type an IP address.
    The IP address you specify should be the host or network address from which the traffic originates.
    This table shows sample source IP addresses for BIG-IP A and BIG-IP B.
      System Name   Source IP Address
      BIG-IP A      1.1.1.0/24
      BIG-IP B      4.4.4.0/24
  10. For the Source IP Address or CIDR setting, type an IP address.
    This IP address must match the IP address specified for the Tunnel Local Address in the selected IPsec policy.
  11. From the Source Port list, select the source port for which you want to filter traffic, or retain the default value * All Ports.
  12. For the Destination IP Address or CIDR setting, type an IP address.
    The IP address you specify should be the host or network address to which the traffic is destined.
  13. For the Destination IP Address or CIDR setting, type an IP address.
    The IP address you specify should be the host or network address to which the traffic is destined.
    This table shows sample destination IP addresses for BIG-IP A and BIG-IP B.
      System Name   Destination IP Address
      BIG-IP A      4.4.4.0/24
      BIG-IP B      1.1.1.0/24
  14. For the Destination IP Address or CIDR setting, type an IP address.
    This IP address must match the IP address specified for the Tunnel Remote Address in the selected IPsec policy.
  15. From the Destination Port list, select the destination port for which you want to filter traffic, or retain the default value * All Ports.
  16. From the Protocol list, select the protocol for which you want to filter traffic.
    You can select * All Protocols, TCP, UDP, ICMP, or Other. If you select Other, you must type a protocol name.
  17. From the Protocol list, select Other, and type 97, the EtherIP protocol number.
  18. From the Direction list, select a traffic direction to which the traffic selector applies.
    You can select In (inbound), Out (outbound), or Both (inbound and outbound).
  19. From the Direction list, retain the default value, In.
  20. From the Direction list, select Both.
  21. From the Direction list, select Out.
  22. For the Direction setting, retain the default value, Both.
  23. From the Direction list, select Out or In, depending on whether this traffic selector is for outbound or inbound traffic.
  24. From the Action list, select Discard.
  25. From the Action list, select Bypass.
  26. From the Action list, select Protect.
    The IPsec Policy Name setting appears.
  27. For the Action setting, retain the default value, Protect.
  28. For the IPsec Policy Name setting, retain the default selection, default_ipsec_policy.
  29. From the IPsec Policy Name list, select the name of the inbound IPsec policy that you previously created.
  30. From the IPsec Policy Name list, select the name of the outbound IPsec policy that you previously created.
  31. From the IPsec Policy Name list, select an IPsec policy.
    • For the outbound traffic selector, select the IPsec policy you created for outbound traffic.
    • For the inbound traffic selector, select the IPsec policy you created for inbound traffic.
  32. From the IPsec Policy Name list, select the name of the custom IPsec policy that you created.
  33. From the IPsec Policy Name list, select the name of the IPsec policy that you created for Tunnel mode.
  34. Click Finished.
    The screen refreshes and displays the new IPsec traffic selector in the list.
  35. Repeat this task on the BIG-IP system in the remote location.
  36. Repeat this task for traffic selectors that handle outbound and inbound traffic on both the local and remote BIG-IP systems.
You now have an IPsec traffic selector for each BIG-IP system.
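
In the sample tables in steps 9 and 13, each system's source address is the other system's destination address. The following Python check is an added example, not part of the F5 manual: it compares the selectors entered on two peer systems for that mirroring. The `Selector` class and its field names are hypothetical, and the Direction setting is not modeled.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Selector:
    """One traffic selector as typed on the New Traffic Selector screen (hypothetical model)."""
    system: str
    source: str                  # Source IP Address or CIDR
    destination: str             # Destination IP Address or CIDR
    source_port: str = "*"       # "*" stands for * All Ports
    destination_port: str = "*"
    protocol: str = "*"          # "*" stands for * All Protocols
    action: str = "Protect"


def _net(value):
    # strict=True rejects entries such as 1.1.1.5/24, where host bits are set.
    return ipaddress.ip_network(value, strict=True)


def mirror_problems(a, b):
    """Return human-readable mismatches between selectors on two peer systems."""
    try:
        a_src, a_dst = _net(a.source), _net(a.destination)
        b_src, b_dst = _net(b.source), _net(b.destination)
    except ValueError as exc:
        return [f"invalid address: {exc}"]
    problems = []
    if a_src != b_dst:
        problems.append(f"{a.system} source {a_src} != {b.system} destination {b_dst}")
    if a_dst != b_src:
        problems.append(f"{a.system} destination {a_dst} != {b.system} source {b_src}")
    if a.source_port != b.destination_port or a.destination_port != b.source_port:
        problems.append("source/destination ports are not mirrored")
    if a.protocol != b.protocol:
        problems.append(f"protocol differs: {a.protocol} vs {b.protocol}")
    if a.action != b.action:
        problems.append(f"action differs: {a.action} vs {b.action}")
    return problems


# Sample addresses from the tables in steps 9 and 13.
BIG_IP_A = Selector("BIG-IP A", "1.1.1.0/24", "4.4.4.0/24")
BIG_IP_B = Selector("BIG-IP B", "4.4.4.0/24", "1.1.1.0/24")
# Constructed faulty entry: destination typed with the wrong prefix length.
BIG_IP_B_TYPO = Selector("BIG-IP B", "4.4.4.0/24", "1.1.1.0/25")

if __name__ == "__main__":
    print(mirror_problems(BIG_IP_A, BIG_IP_B))
    print(mirror_problems(BIG_IP_A, BIG_IP_B_TYPO))
```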