Forum Discussion
meena_60183
Nimbostratus
Jan 28, 2009Adding a LTM in DMZ
Hi All,
I have a DMZ connected to our firewall and it has the subnet x.x.224.0/22. This DMZ already has SMTP servers, external DNS servers, some web servers etc. Now, they want to add a BigIP so that this can be used as a reverse proxy with ASM. The purpose of this BigIP is to allow traffic to some of the servers reside in our internal network. These servers cannot reside in the DMZ due to some complicated reasons.
I do not have any additional interface on the firewall to add the BigIP. I have to use the existing DMZ interface. I am trying to figure out how I can add the BigIP to x.x.224.0/22 without affecting any of the existing servers.
Any ideas?
Meena
3 Replies
- siddiqu_84786
Nimbostratus
Hi, - meena_60183
Nimbostratus
Thank you and that's what I thought too. - dennypayne
Employee
No, you just need to SNAT. You can either use SNAT Automap to use the BIG-IP's self-ip or turn up a new IP in a SNAT Pool and use that (under Advanced on the virtual server - or you can just SNAT globally). L2 Forwarding would allow you to preserve client IP in the server logs, but it adds a whole host of other complications, spanning tree in particular.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects