Forum Discussion
meena_60183
Jun 13, 2011Nimbostratus
Client IP visibility in one arm mode
Hi All,
I have a pair of LTMs in the DMZ in one arm configuration. The frontend (virtual server) and the backend (servers) are on the same subnet. It acts as a reverse proxy for a lot of internal hosts but it also acts as a load balancer to servers in the DMZ. SNAT automap is configured and so all the client IPs look like it is coming from the BigIP. Now, I have a requirement where apps running on the DMZ servers require the client IP visibility.
What are the options available?
Meena
- nitassEmployeeis it http/s?
- meena_60183NimbostratusI should have mentioned this. The traffic that is being load balanced in not http(s) but SSH and TCP port 9033. it is application specific.
- natheCirrocumulusMeena
- meena_60183NimbostratusThe current default gateway for the servers is the firewall. The default gateway for the LTM is also the firewall. I tried changing the server's default gateway to be the LTM but traffic stops working. I enabled all services using 0 for port number but still it seems like the LTM is not responding for arp requests from the firewall. I even deleted the arp entry for the servers in question but that did not help either.
- nitassEmployeeclient isn't in same subnet as vip, is it?
- Minn_62043CirrostratusIt's better if you can paste the virtual server's configuration.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects