Forum Discussion
Heath_35665
Nimbostratus
Aug 20, 2008
Load Balancing Design Question
We have the following setup
internet --> Cisco PIX firewall --> F5 LTM (sits in DMZ segment) --> Web Servers (sits in private DMZ segment)
The F5s are set up with an external VLAN (facing PIX) and internal VLAN (facing web servers). VLANs are separate layer 3 subnets. In a setup like this, since the F5s don't route, how do you provide access to other networks that are on other legs of the PIX firewall? Do you have to do something like the following:
internet --> Cisco PIX firewall --> F5 LTM --> Web Servers --> Router to other networks
- Heath
- JRahm
Admin
The LTM does route, actually. You need to set up IP forwarding virtuals to accomplish this. You can do it globally by entering a forwarding virtual with 0.0.0.0/0 applied to all VLANs, which will allow all packets to route (assuming the necessary routes are in the routing table). If you want to be more granular, you can apply 0.0.0.0/0 to your private DMZ network only and match it with a default route to your PIX, then set up network-specific forwarding virtuals to your internal networks and apply these where appropriate (the forwarding virtuals should be applied to the VLANs where the traffic is coming from, not where it is going). Post back if you have any questions.
- Heath_35665
Nimbostratus
Basically, I would need to create a new virtual server of type "network" that sets the destination to any networks that I need to reach and set ports to *. I would use Type = IP and Protocols = ALL. You mention "assuming the necessary routes are in the routing table". Can you expand on this? Also, would I need to set the default gateway of my web servers to be a self IP on the respective VLAN? How do the web servers know where to forward traffic?
- JRahm
Admin
Yep, that's it, Denny, thanks. I also let the firewalls do the security stuff, but I do minimize the routing possibilities to localize the tools available for mischief in the event of a breach.
- Heath_35665
Nimbostratus
Very helpful...thanks to both of you. We are going to work on this configuration on Thursday night. I think we have a pretty good handle on how to make it work now.
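The granular design JRahm describes (a catch-all forwarding virtual only on the private DMZ VLAN, a default route to the PIX, and the web servers' default gateway set to a self IP on that VLAN) written out as an added example; this is not configuration from the thread or from F5. It uses tmsh syntax (BIG-IP v11 or later; the 2008 systems in the thread would have used bigpipe or the GUI). The VLAN names `external` and `private_dmz`, the PIX inside address 192.0.2.1 on the external VLAN, the private DMZ subnet 10.20.0.0/24, the internal network 10.10.0.0/16 on another PIX leg, and all object names are assumptions for illustration.

```tmsh
# Added example, not from the thread. All names and addresses are assumed.

# Routes the forwarding virtuals will consult. Everything off-box goes
# back to the PIX, which is where the filtering policy lives.
create net route default gw 192.0.2.1
create net route corp_net network 10.10.0.0/16 gw 192.0.2.1

# Catch-all forwarding virtual, enabled ONLY on the VLAN where the web
# servers' traffic enters (private_dmz). ip-forward means no address or
# port translation: the packet is routed per the table above.
create ltm virtual fwd_private_dmz_any destination 0.0.0.0:0 mask any ip-protocol any ip-forward profiles add { fastL4 } vlans-enabled vlans add { private_dmz }

# Network-specific forwarding virtual on the external VLAN: only packets
# destined for the web server subnet are routed inbound (e.g. management
# or backup traffic from 10.10.0.0/16 arriving via the PIX). Anything
# else hitting the external VLAN that is not a VIP is dropped.
create ltm virtual fwd_ext_to_private_dmz destination 10.20.0.0:0 mask 255.255.255.0 ip-protocol any ip-forward profiles add { fastL4 } vlans-enabled vlans add { external }

# Floating self IP on the private DMZ VLAN. The web servers point their
# default gateway at 10.20.0.254; it follows the active unit in an HA pair.
# allow-service none keeps the self IP from answering management ports.
create net self 10.20.0.254 address 10.20.0.254/24 vlan private_dmz traffic-group traffic-group-1 allow-service none

save sys config
```

Two checks before relying on this. First, because a forwarding virtual does not SNAT, the PIX (and any router on the other legs) needs a route for 10.20.0.0/24 pointing at the LTM's external-VLAN self IP, or return traffic will be asymmetric and the stateful firewall will drop it. Second, `fwd_private_dmz_any` is the "allow all packets to route" case from the thread; if the web servers only ever need to reach a few internal prefixes, replace it with per-network forwarding virtuals (destination 10.10.0.0, mask 255.255.0.0, and so on) on `private_dmz`, which is the narrower "minimize the routing possibilities" option JRahm refers to.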