Add a LC in a production scenario

Hi all,

 

 

I'm tryng to study the best way to implement a Link Controller in a production environment.

 

 

The client has the following scenario:

 

 

 

(2 vlans - 2 isps)

 

|

 

Internet router

 

|

 

PIX <---> VPN Concentrator (isp2 range)

 

|

 

x.x.x.x/30(routing porpuse)

 

|

 

FW (Chekcpoint - Terminating isp2 range) <-> External DNS (Natted from/to DMZ address)

 

|

 

|

 

Inside Network

 

 

 

 

 

My client is concerned about changing any other equipments, and then im studying the best way to accomplish his spectations.

 

I was planning to "insert" the F5 appliance between the PIX and the Checkpoint.

 

 

I've found the following doc, related to "Installing a BIG-IP System without Changing the IP Network", but i need to add a 2nd F5 to failover purposes.

 

Can i do an Active-Passive Redundant in this way ?

 

https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_sol_guide_943/sol_vlans.html1062182

 

 

Do u have any ideas to make this instalation the cleanest possible ?

 

 

I'm thinking to make a Vlan group from internal and external vlans, and creating Forwarding Layer 2 Virtual Servers.

 

In terms of listerners, i am not seing how to define the listeners in this manner.

 

 

Do you have any ideas for this type of "concerns" ?

 

 

Best Regards,

 

Bruno Petrónio