F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

DarkSideOfTheQ_'s avatar
DarkSideOfTheQ_
Icon for Nimbostratus rankNimbostratus
May 27, 2009

LTM VIP and NAT

Hello All,     Today my LTM's (in HA setup) sit in a DMZ (FW1<->LTM1 / FW2<->LTM2) and the VIPs are using live IP's. We are changing ISP's and thus getting a new IP range. I am wondering ab...
config
design
Hamish's avatar
Hamish
Icon for Cirrocumulus rankCirrocumulus
May 27, 2009

Posted By DarkSideOfTheQ on 05/27/2009 9:12 AM

 

Thanks for the reply Denny.

 

I wasn't sure if not using live IP's will impact the LTM in a way such as not passing client IP, etc...basically any caveats to NAT'ing at the firewall vs using live IP's for our VIPs.

 

-DarkSide

 

 

 

So long as you don't NAT the client IP you shouldn't run into any problems. If you do NAT the client IP, you would only have problems if you tried to do srcIP persistence... And discovered you don't get any balancing because all your clients look like one...

 

 

1. Don't NAT the client

 

2. use cookie persistence (Where possible)

 

 

And you should be fine.