This guide provides instructions on how to configure a tunnel for your site. F5® Distributed Cloud Services support the IPsec tunnel type with Pre-Shared Key (PSK).
Tunnel configuration allows you to specify parameters for configuring static tunnels. Configuration involves specifying the encapsulation and related parameters to be used for this tunnel's payload traffic.
- F5 Distributed Cloud Account is required.
Note: In case you do not have an account, see Create an Account.
- One or more registered sites in the enterprise tenant.
Note: If you do not have a registered site, see How-to Create a Site.
Create a Tunnel
Perform the following steps to create a tunnel in F5 Distributed Cloud Console:
Step 1: Log into F5® Distributed Cloud Console, go to tunnels.
F5® Distributed Cloud Console > select Cloud and Edge Sites box.
Note: Homepage is role based, and your homepage may look different due to your role customization. Select All Services drop-down menu to discover all options. Customize Settings: Edit work domain & skills button > Advanced box > check Work Domain boxes >
Namespace feature is in correct namespace, drop-down selector located in upper-left corner. Not available in all services.
Tunnels to see a list of existing tunnels.
Note: If options are not showing, select Advanced nav options visible in bottom left corner. If needed, select Hide to minimize options from Advanced nav options mode.
Enter a unique name for the tunnel.
Optionally, set labels and description, as necessary.
Tunnel Type section, select a tunnel type.
Note: Currently only IPSEC with PSK is supported.
Step 2: Configure Local IP Address selector.
Type drop-down menu, select Local Interface or Local IP Address Type.
- Local Interface: In Local Interface drop-down menu, select a network interface.
+ Add Item button as needed.
- Local IP Address Type: In second Type drop-down menu, select Local IP Address Type or Local IP Address Type: IPv6 for address version, enter corresponding IP address in address box.
Select a local virtual network from the dropdown.
Auto IP: Select a local virtual network in drop-down menu.
Step 3: Configure Remote IP Address selector.
Type drop-down menu, select Remote IP address or
- Remote IP Address: Select either IPv4 or IPv6 in address version, enter corresponding IP address into address box.
- Remote Endpoints: Select + Add Item button to add remote endpoints. For each endpoint you add, follow these steps:
Enter node for the tunnel in Node box in form site:node (site is optional).
Configure, select either IPv4 or IPv6 for address version, enter corresponding IP address into address box.
Step 4: Enter tunnel parameters.
Type select tunnel type in
Note: Only IPSEC is currently supported, so there are no other choices.
Secret Type drop-down menu, select
This option will cause all traffic to be encrypted using F5 Distributed Cloud Blindfold in addition to the protocols and encryption used for IPSEC.
Policy drop-down, select between Custom. Then select the appropriate policy in the associated drop-down menu.
Choose the type of secret you will enter. If you have not already created a Blindfold Secret or want to create a new one, then choose between TEXT, otherwise choose
Text: Enter your cleartext secret and press Blindfold. You can use the Edit button to see and/or copy your encrypted Blindfold Secret.
Blindfold: Paste your existing Blindfold Secret into the text box.
For more information on Blindfold, see Secrets Management and Blindfold.
This option will only use the protocols and encryption for IPSEC.
base64(binary) for the type of secret you will enter. Then enter your secret in the format specified.
Step 5: Complete tunnel creation.
Save and Exit button.
Note: Tunnel configuration becomes effective only when you attach the tunnel to a tunnel interface.
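Step 4 accepts the pre-shared key as base64(binary). As an added example (not part of F5's documentation), the following generates a random PSK in that encoding and checks a candidate value before it is pasted into the console. The 32-byte minimum, the heuristics, and the function names are assumptions chosen for illustration, not F5 requirements.

```python
import base64
import binascii
import secrets

MIN_PSK_BYTES = 32  # assumption: 256 bits of key material, not an F5-documented limit


def generate_psk_b64(n_bytes: int = MIN_PSK_BYTES) -> str:
    """Return n_bytes from the OS CSPRNG, base64-encoded for the base64(binary) field."""
    if n_bytes < MIN_PSK_BYTES:
        raise ValueError(f"PSK must be at least {MIN_PSK_BYTES} bytes")
    return base64.b64encode(secrets.token_bytes(n_bytes)).decode("ascii")


def check_psk_b64(candidate: str) -> list[str]:
    """Return the problems found in a base64(binary) PSK; an empty list means none."""
    problems = []
    if candidate != candidate.strip():
        problems.append("leading or trailing whitespace (often a copy/paste artifact)")
    try:
        raw = base64.b64decode(candidate.strip(), validate=True)
    except (binascii.Error, ValueError):
        return problems + ["not valid base64"]
    if len(raw) < MIN_PSK_BYTES:
        problems.append(f"only {len(raw)} bytes of key material, want >= {MIN_PSK_BYTES}")
    if len(set(raw)) < 16:
        problems.append("very few distinct byte values; does not look randomly generated")
    try:
        if raw.decode("ascii").isprintable():
            problems.append("decodes to printable text; likely a passphrase, not random bytes")
    except UnicodeDecodeError:
        pass  # non-ASCII bytes are expected for random key material
    return problems


if __name__ == "__main__":
    psk = generate_psk_b64()
    # The key itself is deliberately not printed, only the check result.
    print("generated PSK passes checks:", check_psk_b64(psk) == [])
    # Constructed weak sample: base64 of a short human-chosen passphrase.
    weak = base64.b64encode(b"Summer2024!").decode("ascii")
    for problem in check_psk_b64(weak):
        print("weak sample:", problem)
```

Both tunnel endpoints must be configured with the same key, so generate it once and transfer it over a channel you already trust.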