Forum Discussion
NimbostratusGTM Design
Hello,
How is everyone doing?
We currently got our hands on a GTM. We have been a big fan of the F5 LTM which has worked great for us. I currently have a question in regards to the Design setup for the GTM.
I was looking to delegate a subzone on our DNS servers to the GTM devices and just use CNAMEs. My question is in regards to handling public and private DNS responses. We currently use our LTMs in this manner. We create the vips and pools, but if we want something to be hosted externally, we NAT though a Firewall. The F5 vips are currently in a DMZ which is protected by ACLs. Some people will NAT through the F5.
For the internal resolution with the GTM, everything seems to work great. My question is in regards to the external resolution. Being that we Nat through the FW, how would I be able to setup the GTM to return external addresses of internal IP'ed vips? Do I have to setup vips with SNat and then be able to pick up the pool (f5 vip) from the GTM?
outside ----> FW ----> F5 DMZ ----> users
1.1.1.1 192.168.0.1
So users will hit 192.168.0.1 internal to the company.
Outside users will hit 1.1.1.1 which there is a static NAT on the firewall which translates it too 192.168.0.1
If I have to use the F5 with SNAT rules, I have no issues re-arranging things as we don't have so many external vips.
3 Replies
Laudec_55181Altostratus
Hey,
You can create two pools for the record. One that contains the private IPs, the other that contains the public IPs. You can then create a simple irule, that will look at the client's IP for the DNS request, and if it is coming from your internal subnet, use the pool with the private IPs, otherwise use the public pool.
HamishCirrocumulus
There is an iRule in the codeshare that does the natting for you. Handles multiple external nat maps as well.
H
jquinones82_469Laudac,
MY GTM is pulling the pool members from the LTMs, so only internal addresses are shown.
We don't do the nating for external to internal on the F5. We use a Firewall for that.
