Forum Discussion
mikeshimkus_111
Jun 13, 2012
Historic F5 Account
First off, I would definitely recommend upgrading to v10.2.2 HF1, or later. There is an SSL handshake issue that was addressed with that hot fix: https://support.f5.com/kb/en-us/solutions/public/13000/000/sol13037.html. I don't believe the Lync solution has been tested with any version earlier than 10.0. I would also have a look at the manual configuration tables in this guide, as they are the most recent: http://www.f5.com/pdf/deployment-guides/microsoft-lync-iapp-dg.pdf.
You should be able to get it working with just one BIG-IP. You'll need to create 3 VLANs on the BIG-IP, one each for the public, DMZ, and internal networks. Add static routes to the Lync Edge servers to direct outbound traffic to the self-IP of the public VLAN and inbound traffic to the self-IP of the DMZ VLAN. Front-End servers should use the BIG-IP internal self-IP as the route for traffic to the internal Edge interface virtual server addresses. You'll also need routes on the BIG-IP to direct traffic out the correct VLANs, and you should only enable the external Edge virtual servers to listen on the public VLAN, the internal Edge virtual servers on the DMZ VLAN, and the internal Front-End servers on the internal VLAN.
Remember that the Edge and Front-End servers must be able to route to each other directly, as well.
Here's a post that may be helpful in understanding how the Edge services need to be configured: https://devcentral.f5.com/weblogs/rkorock/archive/2011/07/14/1096289.aspx.
Routing is one of the bigger pitfalls with Lync configuration. If you need more info, send me a PM on DevCentral. I can put together a diagram of this setup for you.
Mike
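Added example, not part of the post above or of F5's documentation: a small audit that checks each virtual server is pinned to the single VLAN the post assigns to its role. The virtual server names, name prefixes, VLAN names and addresses are constructed, and the input is modeled on `tmsh list ltm virtual` output as laid out in v11 and later, which is an assumption for a v10 system.

```python
import re

# Expected listener VLAN per role, following the layout in the post.
# Role is inferred from a name prefix; prefixes and VLAN names are assumptions.
POLICY = {"edge_ext_": "public", "edge_int_": "dmz", "fe_": "internal"}

# Constructed sample in the style of `tmsh list ltm virtual` (v11+ layout).
SAMPLE = """
ltm virtual edge_ext_access_443 {
    destination 192.0.2.10:443
    vlans {
        public
    }
    vlans-enabled
}
ltm virtual edge_int_stun_3478 {
    destination 10.10.20.10:3478
    vlans {
        dmz
        internal
    }
    vlans-enabled
}
ltm virtual fe_sip_5061 {
    destination 10.10.30.10:5061
}
"""

# Top-level stanzas close with "}" in column 0; nested blocks are indented.
STANZA = re.compile(r"^ltm virtual (\S+) \{\n(.*?)^\}", re.M | re.S)
VLANS = re.compile(r"vlans \{(.*?)\}", re.S)

def audit(config, policy=POLICY):
    """Return {virtual_name: problem} for listeners not pinned to one VLAN."""
    findings = {}
    for name, body in STANZA.findall(config):
        expected = next((v for p, v in policy.items() if name.startswith(p)), None)
        if expected is None:
            findings[name] = "no role matches this name"
            continue
        m = VLANS.search(body)
        vlans = set(m.group(1).split()) if m else set()
        if not re.search(r"^\s*vlans-enabled\s*$", body, re.M):
            findings[name] = "vlans-enabled not set, so not limited to one VLAN"
        elif vlans != {expected}:
            findings[name] = f"listens on {sorted(vlans)}, expected only {expected}"
    return findings
```

Calling `audit()` on the text of a saved listing returns an empty dict when every virtual server is scoped as described.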