Forum Discussion
Ruben_79895
Altostratus
Feb 24, 2010
GTM and VS with public and private addresses
Hi,
I am trying to configure my GTMs to serve DNS responses with the public IP address of a local virtual server to external users, and the private IP address to internal users. I have configured two listeners with the same Wide IPs, one for public access with a firewall doing NAT of the GTM listener address, and another one for internal access.
The GTM monitors the local LTM virtual server but the HOST needs to receive the public IP when receiving a DNS request from the GTM.
How could this be done?
Thanks in advance,
Ruben
8 Replies
- hoolio
Cirrostratus
Hi Ruben,
Try searching the forums for 'GTM internal external' to get a few related posts. If you have a read through those and have questions, reply here. In general, you should be able to either use topology or a GTM iRule to send one response to external clients and a different one to internal clients.
GTM: Creating a Wide IP that returns different answers to internal clients
http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=3134731666
Topology Records
http://devcentral.f5.com/Default.aspx?tabid=53&forumid=31&tpage=1&view=topic&postid=5869958699
You could also try searching on AskF5 for related articles.
Aaron
- Ruben_79895
Altostratus
Hi Aaron,
The problem I have is that in the LTM, my VS are defined with private IP addresses, so, as GTM monitors LTM, it can only return private IP addresses to DNS queries, but I need requests from the internet to be answered with a public IP address for the VS.
How can I achieve this?
Regards,
Ruben
- JRahm
Admin
Are your server (LTM) and virtual servers in GTM configured with addresses and translations? If so, the monitors should be fine on internal addresses while still handing out external answers to queries. If you will have internal queries needing the internal address on the same wide IP, you can do a couple of different things. You can create an internal view of the names/IPs in question, then write an iRule to forward to BIND if the client IP address is internal. Or, you could do it all in an iRule, though since GTM iRules don't support classes, the rule could get quite long if you have a lot of records.
- Ruben_79895
Altostratus
Hi,
I'm sorry but I don't know exactly how translations work. My idea was to create two different IPs for two listeners in the GTM, one for requests coming from the internet and the other for requests coming from internal users. Would this approach also need the creation of iRules?
Can you give me more information on how translations work? I assume this is a way of assigning a public address to a VS with internal addressing?
Thanks in advance,
Ruben
- JRahm
Admin
From the online help for server (same for virtual server):
Address: Specifies an external (public) address for the server.
Translation: Specifies the internal (private) address that corresponds to the external address.
Note that for environments where there is no external representation (i.e., no NAT) you'd just use the real internal address in the address field. For the virtual server, the IP address in the Address field is the one that the wide IP will hand out for name resolution. That said, I'm not sure what having different listeners will affect wrt your LTM server/virtual server configuration. afaik, there is no "answer for internal" or "answer for external" button in the wide IP configuration.
Anyone else have other ideas?
- Ruben_79895
Altostratus
Hi,
Maybe it is possible to create two virtual servers using the same pool, one with the NAT address and the other with the real address, so that GTM uses the first for public users and the second for internal users.
What do you think?
Regards,
- Sly_85819
Nimbostratus
I am in the same situation and need assistance with GTM configuration. This is the first time I am working on GTM. Please pardon my ignorance.
Local Data Center
Scenario - Both GTM and LTM are in DMZ (with private address).
I will be configuring public translation for GTM for DNS queries from the Internet. What IP address of LTM should I use for iQuery, private/public? The VS on the LTMs are translated using public-facing firewalls which will be configured in wide-IP pools. How does the health monitor work in this case?
Local site -> Other Data Center
Scenario - GTM will talk to LTM and GTM at remote Data center.
What IP address do I need to use for GTM and LTM? I can reach the systems using private IP over the WAN. Again VS will be sitting on remote LTM.
I am in the middle of deployment and really confused with GTM configuration. I would really appreciate some help here.
- The_Bhattman
Nimbostratus
Hi Sly,
I tried to answer your question here
http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/52/afv/topic/aft/1172494/aff/31/showtab/groupforums/Default.aspx
Bhattman
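A small model of the Address/Translation behaviour quoted from the online help in this thread, as an added example that is not part of the original posts and is not F5 code: external clients receive the Address field, internal clients receive the Translation, and an audit flags virtual servers whose Address would expose a private IP. The `VirtualServer` class, the internal ranges and the sample addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Assumption: clients in these ranges count as "internal".
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

@dataclass
class VirtualServer:                   # hypothetical model, not an F5 object
    name: str
    address: str                       # "Address": handed out by the wide IP
    translation: Optional[str] = None  # "Translation": private side of the NAT
    up: bool = True                    # result of the health monitor

    def internal_address(self) -> str:
        # Without NAT the Address field already holds the real internal IP.
        return self.translation or self.address

def answer(pool: List[VirtualServer], client_ip: str) -> Optional[str]:
    """A record for this client, or None when nothing suitable is up."""
    internal_client = is_internal(client_ip)
    for vs in pool:
        if not vs.up:
            continue
        if internal_client:
            return vs.internal_address()
        if not is_internal(vs.address):  # never leak a private IP externally
            return vs.address
    return None

def audit(pool: List[VirtualServer]) -> List[str]:
    """Virtual servers whose Address would expose a private IP to the internet."""
    return [vs.name for vs in pool if is_internal(vs.address)]

# Constructed sample inventory (documentation address ranges).
SAMPLE = [
    VirtualServer("vs_web", "203.0.113.10", "10.1.1.10"),
    VirtualServer("vs_nonat", "10.1.1.20"),
]
```

Running `audit` over an exported inventory before a wide IP goes live catches entries like `vs_nonat`, which would otherwise answer internet queries with an RFC 1918 address.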
