F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP TMOS: Tunneling and IPsec
  3. Configuring IPsec in Tunnel Mode between a Remote Device and BIG-IP using Dynamic Template
  4. Task summary for configuring IPsec in tunnel mode using dynamic template
  5. Creating an IKE Peer for dynamic template
Manual Chapter : Creating an IKE Peer for dynamic template

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.5.0, 17.1.2, 17.1.1, 17.1.0

BIG-IP Link Controller

  • 17.5.0, 17.1.2, 17.1.1, 17.1.0

BIG-IP LTM

  • 17.5.0, 17.1.2, 17.1.1, 17.1.0

BIG-IP AFM

  • 17.5.0, 17.1.2, 17.1.1, 17.1.0

BIG-IP ASM

  • 17.5.0, 17.1.2, 17.1.1, 17.1.0
Manual Chapter

Creating an IKE Peer for dynamic template

Use this task to create an IKE peer for dynamic template.
You must also configure the device at the other end of the IPsec tunnel.
  1. On the Main tab, click
    Network
    IPsec
    IKE Peers
    .
  2. Click the
    Create
     button.
    The New IKE Peer screen opens.
  3. In the
    Name
     field, type a unique name for the IKE peer.
  4. In the
    Description
     field, type a brief description of the IKE peer.
  5. In the
    Remote Address
     field, type the IP address of the device that is remote to the system you are configuring.
    This address must match the value of the
    Tunnel Remote Address
     setting in the relevant IPsec policy.
  6. For the
    State
     setting, retain the default value,
    Enabled
    .
  7. In the
    Version
     field, select
    Version 2
    .
  8. For the Dynamic Endpoint Properties, in the
    Dynamic Address
     field, type the peer dynamic address. For example, 192.0.2.1. This address must match the
    Tunnel Remote Address
     setting in the IPsec policy.
  9. In the
    Address List
     field, enter list of IPv4 and/or IPv6 subnets from which IP addresses are allocated for configuration payloads in IKE_AUTH. For example, 192.168.44.0/24 2001:db8::fffc:0:4a5/120.
    Devices in site A are allocated with IP addresses from the IP addresses given in address list.
  10. In the
    DHCP address IPv4
     field, type the DHCP address to return for INTERNAL_IP4_DHCP configuration payload requests in IKE_AUTH.
  11. In the
    DHCP address IPv6
     field, type the DHCP address to return for INTERNAL_IP6_DHCP configuration payload requests in IKE_AUTH.
  12. In the
    DNS address IPv4
     field, type the DNS address to return for INTERNAL_IP4_DNS configuration payload requests in IKE_AUTH.
  13. In the
    DNS address IPv6
     field, type the DNS address to return for INTERNAL_IP6_DNS configuration payload requests in IKE_AUTH.
  14. In the
    Remote Port
     field, type the port number alternative to 500 for the remote peer's port.
  15. In the
    Local Port
     field, type the port number alternative to 500 for the local IKE listener port.
  16. For the Common Settings area, retain all default values.
  17. In the
    Presented ID Value
     field, enter the IP address to present as the BIG-IP system identity.
  18. In the
    Verified ID Value
     field, enter the IP address for the remote peer that the BIG-IP system should expect to receive and verify. For example, 192.0.2.1.
  19. Click
    Finished
    .
    The screen refreshes and displays the new IKE peer in the list.
You now have an IKE peer defined for establishing a secure channel.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information