Forum Discussion

Fawad_29089's avatar
Fawad_29089
Icon for Nimbostratus rankNimbostratus
Mar 21, 2012

new setup of F5 LTM

Hi,

 

 

 

 

I have a few questions regarding LTM setup.

 

 

What type of certificates are required for LTM. Is it Device Certificate for LTMs to communicate and also the SSL certificate for SSL clients? Is there any other certificate?

 

 

 

Are there two pre-defined internal and external VLANs that cannot be changed? Can you associate any number of interfaces with those VLANs?

 

 

 

What is the difference b/w floatg IP and self IPs. Do we need both?

 

 

 

My LTM external interface will have multiple IPs for VIPs. It will connect to the firewall interface. Say my firewall interface has an IP 10.0.0.1/24. Can I create multiple VIPs on F5 on the same external VLAN using IPs 10.0.0.2, 10.0.0.3 and so on. Are these going to be Self IPs?

 

 

 

Would appreciate response!

 

 

 

Thanks,

 

 

 

Fawad

 

 

 

 

 

 

config
design

3 Replies

Sort By
  • er_sandy_27437's avatar
    er_sandy_27437
    Icon for Nimbostratus rankNimbostratus
    Mar 21, 2012
    Hello Fawad,

     

     

    let's go 1 on 1 on your questions.

     

     

    1. Certificates on F5 will depend on the requirement. You can have 2 type of Certificates 1 generated from Certificate authorities(Entrust, Verisign etc.) or generated from self.

     

     

    2.Yes you can assosiate any no. of interfaces in a perticular VLAN. But Why would you need to do that?

     

     

    3. Self IP is the IP of your LTM box in that interface. Floating IP is the common IP which floats in case of Failover(Similar to the HSRP).

     

     

    4. Yes you can have Multiple VIPs in that VLAN. They will not be the self IPs but act as virtual servers running particular services on them.

     

     

    I hope i was able to resolve your answer. Please write in case of any query.
  • Fawad_29089's avatar
    Fawad_29089
    Icon for Nimbostratus rankNimbostratus
    Mar 21, 2012
    Hi,

     

    Thanks for your reply. I have the following comment:

     

     

    1. To my understanding there is a device certificate and there is an ssl certificate. I guess both can be either self generated or through CA.

     

    Are these certs necessary for ssl connections through the LTM?

     

     

    Thanks
  • Cory_50405's avatar
    Cory_50405
    Icon for Noctilucent rankNoctilucent
    Mar 23, 2012
    Self signed certificates will work, but users will likely be presented with a browser warning that the certificate may not be trusted. It is best practice to obtain SSL certificates from an approved certificate authority. In most cases you'll have a separate certificate for each application/URL, but technically it isn't necessary.