Forum Discussion

Alfonso_3549's avatar
Alfonso_3549
Icon for Nimbostratus rankNimbostratus
Mar 02, 2009

Asymmetric connections: allow both direct access to the real server and the VIP without NAT

Hi,     Maybe this has already been adressed before, but I've not been able to find it. Here's the deal: in a route-mode design, with the real servers' default gateway pointing to the F5, h...
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Mar 05, 2009
Alfonso,

 

 

How did your testing go?

 

 

If the clients are on a different subnet than the servers, then you would need to configure LTM to pass the responses back to from the servers to the clients to LTM's default gateway (or other static route). If LTM doesn't see the request, then I think you'll have to use a forwarding VIP with a FastL4 profile with Loose Initiation and Loose Close enabled. Without enabling these options, LTM would not accept the response packets from the server. Enable the VIP only on the VLAN(s) which traffic will come into the LTM on.

 

 

This creates a pretty big hole through LTM, so make sure that you're covering your bases with a well configured firewall between LTM and any insecure network.

 

 

Aaron