Forum Discussion
NimbostratusF5 LTM behind a pair of IPS
Hello Friends I've a situation wherein we need to install a new LTM in a client place. Here's setup that we are thinking about..
internet Rtr ----> switch --> ASA Firewall ---> L2 SWITCH STACK ----> pair of IPS ---> F5 LTM
Now, the switch stack in the above flow has the physical servers, a pair of IPS & a pair of F5 LTm connected to it.
I was told by the Security guys installing the ASA & IPS that we can setup something like this:
A) VLAN A between Firewall to Switch stack B) Vlan B between Switch stack to IPS IN (to inspect traffic) C) VLAN C between IPS out back to Switch ( for clean traffic). D) A trunk between the switch stack to the F5 LTM allowing all server VLANS & VLAN C and ofcourse an SVI for VLAN C.
firewall
| VLAN A | | trunk SWITCH STACK ------------> F5 LTM | | | | VLAN B | | VLAN C | | | | V |^^ ASA DEVICE
I guess this was suggested since we have a pair if HA IPS devices and a pair of F5 LTM.
My question is, does this setup make sense or is there any other recommended way to connect these together. Also, i was wondering what'll the gateway way for the ASA Firewall inside to send the traffic for VIP's towards the F5. The Switch stack and the IPS that's sitting in the middle between the ASA and F5 are just L2 boxes. but since the VLAN's are different in ASA & F5, i guess i'm confused.
Thanks for any suggestions.
3 Replies
Praveen_Kumar_KHi,
It will be helpful to understand your requirement, if you could provide a Network diagram.
f5fanboy_182636- f5fanboy_182636
The Servers are connected to the switch stack or to one of the downstream switch stacks. We have 3 differnet VLAN's on which the servers reside.
