Applies To:
- 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
Overview: Forwarding Non-Optimized IP traffic through an IPsec tunnel
When you configure an iSession connection using the Quick Start screen, you can specify IPsec encapsulation for outbound iSession traffic. If you select IPsec, the BIG-IP system also encrypts the TCP traffic for the applications you select when you create iApps templates for optimizing applications.
If you also want to send secured and encrypted non-TCP traffic, you can create a forwarding virtual server that uses the iSession routing to send all IP traffic not matched by other virtual servers through the IPsec tunnel. To accelerate the traffic, you can add IP Payload Compression Protocol (IPComp) to the IPsec tunnel. You would choose IPComp when you expect a great deal of compressible non-TCP traffic.
Creating a virtual server for all IP iSession traffic
- On the Main tab, click .
- Click the Create button.
- Type a unique name for the virtual server, such as non_tcp_traffic.
- For the Type setting, select Forwarding (IP) from the list.
- For the Destination setting, select Network and indicate your objective:
  Note: For best results, F5 recommends that you enter the subnet and mask that match your destination server network.
  - To select all IP addresses, in the Address field, type 0.0.0.0, and in the Mask field, type 0.0.0.0.
  - To specify a network, in the Address field, type a network IP address, such as 10.07.0.0, and in the Mask field, type the netmask, such as 255.255.0.0.
- In the Service Port field, type * or select * All Ports from the list.
- In the Configuration area of the screen, from the Protocol list, select * All Protocols.
- In the Acceleration area of the screen, from the iSession Profile list, select an iSession profile.
Note: This setting is available only if you have licensed and provisioned the Application Acceleration Manager (AAM) product.
- Click Finished.
Adding compression to an IPsec policy
- On the Main tab, click .
- Click the Create button. The New Policy screen opens.
- In the Name field, type a unique name for the policy.
- For the IPsec Protocol setting, retain the default selection, ESP.
- From the Mode list, select iSession Using Tunnel.
- For the Authentication Algorithm setting, retain the default value, or select the algorithm appropriate for your deployment.
- For the Encryption Algorithm setting, retain the default value, or select the algorithm appropriate for your deployment.
- For the Perfect Forward Secrecy setting, select the option appropriate for your deployment.
- Only if you want to use IPComp to compress the traffic in the IPsec tunnel, from the IPComp list, select DEFLATE.
- For the Lifetime setting, retain the default value, 1440. This is the length of time (in minutes) before the current security association expires.
- Click Finished. The screen refreshes and displays the new IPsec policy in the list.
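To help decide whether the IPComp setting in this procedure is worth enabling for your non-TCP traffic, the following added example (not F5 code) estimates the bytes saved by per-datagram DEFLATE on a sample of payloads. It assumes IPComp behaves as described in RFC 3173 (each datagram compressed independently, a 4-byte IPComp header, and no header added when compression would not shrink the payload); the sample payloads are constructed, not captured.

```python
import os
import zlib

IPCOMP_HEADER_LEN = 4  # RFC 3173: Next Header (1) + Flags (1) + CPI (2)


def deflate(payload: bytes) -> bytes:
    """Raw DEFLATE of one datagram payload; each packet is compressed on its own."""
    c = zlib.compressobj(level=6, wbits=-15)  # negative wbits = raw stream, no zlib header
    return c.compress(payload) + c.flush()


def ipcomp_wire_len(payload: bytes) -> int:
    """Payload bytes passed on to ESP under the RFC 3173 non-expansion rule."""
    compressed_len = len(deflate(payload)) + IPCOMP_HEADER_LEN
    # If compression does not shrink the payload, it is sent as-is with no IPComp header.
    return compressed_len if compressed_len < len(payload) else len(payload)


def savings(payloads) -> float:
    """Fraction of payload bytes saved across a sample of datagrams (0.0 = no gain)."""
    before = sum(len(p) for p in payloads)
    after = sum(ipcomp_wire_len(p) for p in payloads)
    return 1 - after / before if before else 0.0


# Constructed sample payloads (assumptions for illustration only).
SYSLOG = [(b"<134>Oct 11 22:14:15 host%02d sshd[4721]: Accepted publickey for "
           b"deploy from 10.1.1.%d port 50%03d ssh2" % (i % 8, i, i)) * 4
          for i in range(50)]                       # repetitive text over UDP
RANDOM = [os.urandom(1200) for _ in range(50)]      # stands in for already-encrypted data
TINY = [b"ping%04d" % i for i in range(50)]         # small keepalive-style datagrams

if __name__ == "__main__":
    for name, sample in (("syslog", SYSLOG), ("random", RANDOM), ("tiny", TINY)):
        print(f"{name:7s} savings with IPComp/DEFLATE: {savings(sample):6.1%}")
```

Run it against payloads exported from your own traffic: text-like datagrams show a large saving, while already-encrypted or very small datagrams show none, in which case leaving the IPComp list at its default avoids spending CPU for no gain.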