MEB_60138
May 21, 2013

LTM Exchange 2010 CAS Deployment with 2 route domains

Hi,

We are currently deploying Exchange 2010 with SSL offload in route domain 1. This route domain is contained in a DMZ environment. All the HTTPS traffic from any ActiveSync, OWA, etc. will be offloaded in this area.

The CAS virtual server is located in route domain 0 (the default route domain), since the server is internal to our network.

But the security administrator wants the offloaded HTTPS traffic (now HTTP) to be routed to the firewall for inspection and then sent to the default route domain and the CAS virtual server.

Therefore the flow of any incoming HTTPS traffic would be:

LTM Route Domain 1 (with HTTPS offload) > Firewall > LTM Route Domain 0 (CAS Virtual Server).

We only have the LTM module on the BIG-IP 3900 with v11.2; adding other modules is not possible.

But I'm trying to accomplish the same kind of setup as Edge would do, with the reverse proxy in the DMZ.

So my first thought was to create the CAS virtual server as unencrypted in route domain 0 (default) and then create an HTTPS virtual server that would only forward IP to the CAS virtual server IP.

In the attachment there is a diagram of the setup.

Has anybody encountered the same setup, and what was your best solution?

Thanks
