Forum Discussion

smp_86112's avatar
smp_86112
Icon for Cirrostratus rankCirrostratus
Dec 02, 2013

Using LTM for network forwarding

Our data center architecture has a pretty standard model, with an "internal" network and a "DMZ". Our internal network does not have a direct route to the Internet. However, I have LTMs in our DMZ th...
deployment
design
Thomas_Gobet_91's avatar
Thomas_Gobet_91
Icon for Cirrostratus rankCirrostratus
Dec 02, 2013

You can do 2 things (or more) :

 

  1. Create as many Virtual Server as there's Microsoft public networks (exhausting work)
  2. Create one virtual server with a wildcard IP (0.0.0.0/0) and limited to your internal Microsoft server IP as source.

I'll detail the second point, which is the easiest way to make it.

 

You have to create a virtual server with these parameters :

 

  1. Type : Forwarding (IP)
  2. Destination : Network with Address 0.0.0.0 and Mask 0.0.0.0
  3. Service Port : Any or one virtual server per ports you have
  4. VLAN : Enabled on "Your_Internal_VLAN"
  5. SNAT Automap to be sure the traffic will be send back through the F5
smp_86112's avatar
smp_86112
Icon for Cirrostratus rankCirrostratus
Dec 02, 2013
Thanks for the quick response. This is where it gets tricky - the LTMs load-balance thousands of apps today, so I already have a 0.0.0.0/0 forwarding virtual server. I can't/won't enable SNAT on this VS, so does that effectively eliminate 2?