Forum Discussion
DarkSideOfTheQ_
Nimbostratus
May 27, 2009
LTM VIP and NAT
Hello All,
Today my LTMs (in HA setup) sit in a DMZ (FW1<->LTM1 / FW2<->LTM2) and the VIPs are using live IPs. We are changing ISPs and thus getting a new IP range. I am wondering about changing our VIPs to private IPs and doing NAT at the Firewall for them. I hereby open the floor for comments/suggestions.
TIA,
DarkSide
4 Replies
- dennypayne
Employee
Hi DarkSide,
LTM won't care, as long as all the routing works you should be good to go.
Denny
- DarkSideOfTheQ_
Nimbostratus
Thanks for the reply Denny.
I wasn't sure if not using live IPs will impact the LTM in a way such as not passing client IP, etc... basically any caveats to NAT'ing at the firewall vs using live IPs for our VIPs.
-DarkSide
- Hamish
Cirrocumulus
Posted By DarkSideOfTheQ on 05/27/2009 9:12 AM
Thanks for the reply Denny.
I wasn't sure if not using live IPs will impact the LTM in a way such as not passing client IP, etc... basically any caveats to NAT'ing at the firewall vs using live IPs for our VIPs.
-DarkSide
So long as you don't NAT the client IP you shouldn't run into any problems. If you do NAT the client IP, you would only have problems if you tried to do srcIP persistence... And discovered you don't get any balancing because all your clients look like one...
1. Don't NAT the client
2. Use cookie persistence (where possible)
And you should be fine.
- DarkSideOfTheQ_
Nimbostratus
Nope. Won't be NAT'ing the client IP, only the VIP, and we already use cookie persistence, so sounds like I'll be fine NAT'ing the VIPs.
I appreciate the input thus far.
-DarkSide
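
The persistence caveat raised in the replies above, as an added example that is not part of the original thread: a simplified model of a persistence table in front of a round-robin pool (not F5's implementation). The addresses are constructed, and `VirtualServer`, `make_conns` and `distribution` are hypothetical names.

```python
from collections import Counter
from itertools import cycle

POOL = ["10.0.0.11", "10.0.0.12", "10.0.0.13"]  # constructed pool members


class VirtualServer:
    """Round-robin balancing with a persistence table keyed by persist_key(conn)."""

    def __init__(self, pool, persist_key):
        self._next = cycle(pool)   # used only when no persistence record exists
        self._table = {}           # persistence key -> pool member
        self._persist_key = persist_key

    def handle(self, conn):
        key = self._persist_key(conn)
        if key not in self._table:
            self._table[key] = next(self._next)
        return self._table[key]


def make_conns(snat, clients=9, requests=3):
    """Constructed traffic: each client opens `requests` connections.
    snat=True models a firewall that also rewrites the client source IP."""
    conns = []
    for _ in range(requests):
        for n in range(1, clients + 1):
            src = "192.0.2.1" if snat else f"198.51.100.{n}"
            conns.append({"src": src, "cookie": f"client-{n}"})
    return conns


def by_src(conn):      # source-address persistence
    return conn["src"]


def by_cookie(conn):   # cookie persistence, simplified to one key per client
    return conn["cookie"]


def distribution(conns, persist_key, pool=POOL):
    """Connections per pool member for the given persistence method."""
    vs = VirtualServer(pool, persist_key)
    return Counter(vs.handle(c) for c in conns)


if __name__ == "__main__":
    print("VIP NAT only, src persistence:", dict(distribution(make_conns(False), by_src)))
    print("client NAT, src persistence:  ", dict(distribution(make_conns(True), by_src)))
    print("client NAT, cookie persistence:", dict(distribution(make_conns(True), by_cookie)))
```

With only the VIP translated, the source address the LTM sees still differs per client and the load spreads evenly; once the client address is translated too, source-address persistence pins every connection to one member, while cookie persistence is unaffected.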