Skype for Business: Using the Big IP as my Default Gateway

Hmmm, so that "worked" but then broke my internal skype services. So basically, I can now set the default gateway to the self IP address i set on on my F5 and i can access external networks through it, but it immediately stops my test clients from being able to log into Skype for Business. The instant i set my default Gateway back to my router, as it was before, everything starts working again.

Any idea why all of a sudden changing the gateway would result in Skype clients stopping being able to connect to Skype? The servers can still ping the clients and the clients can still ping the FE servers and the load balancer itself so it's not causing any breaks in network connectivity that I can see. Any advice would be appreciated. thanks!

It shouldn't have broken your internal services. On your Edge servers, you have one static route pointing to the Edge LTM self IP for external networks, and another static route pointing to the self IP of the internal LTM for traffic bound for the internal Skype resources, correct?

Hey Mike, I have not yet made it to the Edge server deployment, I am still working on internal. Just FYI, I initially had internal working for IM, presence, and screensharing, but i wanted to revisit https://www.f5.com/pdf/deployment-guides/microsoft-skype-for-business-dg.pdf page 8 item c to ensure that I am properly set up for internal AV services before continuing on to the edge services deployment. (I needed to ensure that SNAT was not happening)

I followed the Fast L4 profile and virtual server steps EXACTLY, and then set up a route. The Route is setup so that Destination and netmask are both 0.0.0.0, the resource is set to use a gateway, and the gateway address is the router address on that VLAN (which is the address that works for my Front End servers when i set their default gateways to this same address).

Finally, in reference to part of your question, there are no static routes set on any of these servers, they solely use whatever default gateway I have set. I did test this several times, everything stops functioning on the client side as soon as i change the default gateway to the F5, even if I wait up to 30 minutesand try to sign in again. But as soon as i change the gateway over to my firewall as it used to be, i can immediately sign in again.

Is there any more info i could give that would help get to a resolution with this?

Sorry I didn't realize you were talking about not doing SNAT for the internal services.

Is there a specific reason why you just can't use SNAT for the FE? You only need to disable SNAT for the A/V services on the Edge LTM, not the internal. Do you have two LTMs, or one?

I have two LTM's, one for external and one internal. I believe I got mixed up, I thought the documentation had stated this for the FE pool but it looks like i was wrong. I am assuming that i will need to follow this similar process for my edge pool so when i get that far quite possibly tomorrow) i will give this a shot on my other LTM. Thank you for clearing this up! I will carry on as I had it functioning before and begin to deploy edge services. I will open a new topic if this seems to be an issue on the edge devices.

Thanks again!