SNAT/Floating IPs/Masquerade MACs

Question

I am in the middle of replacing a single F5 LTM installation with a dual LTM1600 set up in HA mode. 
&nbsp;  
&nbsp; I would like my servers to use the router as a default gateway but respond directly back to the F5 units for all incoming requests that come thru the F5's.  I've done this before but dont''t remember the exact set up.  I think I need floating IP's on both the External and Internal interfaces which I have.  I also assume I need to use masquerade MACs since this is an Active/Passive configuration.  Do I need a SNAT pool?  If so, on which interface?  I don't remember having one in a previous installation. 
&nbsp;  
&nbsp; Thank you!! 
&nbsp;  
&nbsp;

l4l7_53191 · Answer

You've got it pretty much right: a self and floating IP for each vlan the BigIP pair is connected to. For your virtual servers, use SNAT (you'll have to here or your flows will break unless you do npath - and don't do npath). You can use a snat pool or automap if port exhaustion isn't an issue. 
&nbsp;  
&nbsp; Regarding MAC masq, it's a best practice, so definitely do that if you can.  
&nbsp;  
&nbsp; -Matt

golfislife13_33 · Answer

Thanks for the verification.  The one thing I was forgetting was setting the SNAP Pool to Auto Map. 
&nbsp;  
&nbsp; All seems to be working!!  Now for some failover testing..... 
&nbsp;  
&nbsp; Thanks!! 
&nbsp;  &nbsp;

Forum Discussion

SNAT/Floating IPs/Masquerade MACs

Recent Discussions

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Use of SSL Decryption.

Big IP DNS Failover

Related Content

Lightboard Lessons: Mac Masquerade

MAC address assignment in F5

CBC ciphers in relation to RFC7366 Encrypt-then-MAC

F5 apm on mac os resolve.conf patch

F5 Mac Edge Client and Android Emulator

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS