Forum Discussion
spmedge_85938
Jan 16, 2012Nimbostratus
Setup help
I am setting on my LB and have my ASA in front of both my LB and web servers. I have my virtual server set as 10.0.2.97 255.255.255.224 and having a NAT rule on my ASA with the public IP linking the v...
hooleylist
Jan 16, 2012Cirrostratus
Are you trying to use an LTM virtual server to load balance your web server(s)? Or are you trying to configure admin access through LTM to the web servers?
For load balancing, you should create a host virtual server (like 10.0.2.97 with no subnet) pointing to a pool containing your web server(s).
For admin access, see this SOL:
sol7229: Methods of gaining administrative access to nodes through the BIG-IP system
http://support.f5.com/kb/en-us/solutions/public/7000/200/sol7229.html?sr=18746937
As far as the pool members gateway, it depends. If you want LTM to act as a gateway for all traffic sourced from the pool members, then you should configure them with the LTM self IP on their VLAN as the gateway. One advantage of this is that you won't need to configure LTM to perform source address translation. So the pool members will see the true client IP.
You'll need to configure LTM to pass traffic sourced from the pool members. The best practice for this is to generally configure a virtual server listening on the pool member VLAN which answers for 0.0.0.0/0.0.0.0 on any port. You can create one VS for TCP and another with UDP. If you have a pool of gateways you can use a FastL4 virtual server which points to a pool of the gateways. If you only have one gateway, you can use a forwarding IP virtual server which will use the TMM routing table to route the connections.
If you don't want LTM to act as a gateway for the pool members, then you'll need to use source address translation. If you have more than ~65k connections to each pool member, you can create a pool of SNAT addresses and add that to the virtual server. Else, you can use SNAT automap on the virtual server.
Aaron
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects