Forum Discussion
smp_86112
Cirrostratus
Dec 02, 2013
Using LTM for network forwarding
Our data center architecture has a pretty standard model, with an "internal" network and a "DMZ". Our internal network does not have a direct route to the Internet. However, I have LTMs in our DMZ th...
Thomas_Gobet_91
Cirrostratus
Dec 02, 2013
You can do 2 things (or more):
- Create as many virtual servers as there are Microsoft public networks (exhausting work)
- Create one virtual server with a wildcard IP (0.0.0.0/0) and limited to your internal Microsoft server IP as source.
I'll detail the second point, which is the easiest way to make it.
You have to create a virtual server with these parameters :
- Type : Forwarding (IP)
- Destination : Network with Address 0.0.0.0 and Mask 0.0.0.0
- Service Port : Any, or one virtual server per port you have
- VLAN : Enabled on "Your_Internal_VLAN"
- SNAT Automap to be sure the traffic will be sent back through the F5
Night_67217
Dec 02, 2013
Historic F5 Account
Well, you could enable SNAT only if connections come from a specific source IP / or go to a specific destination (via an iRule), leaving your current applications unaffected.
Also, I assume your backend servers have private IP addresses, so if you don't do a SNAT on the LTM (which would have routable addresses) or NAT on another device, I don't see how traffic would ever come back to these hosts. (sorry if my assumption is not correct)
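The selective SNAT suggested in the reply above could be written as the following iRule on the forwarding virtual server. This is an added example, not code posted by anyone in the thread; the data group names `snat_sources` and `snat_destinations` are hypothetical address-type data groups you would create yourself, and this version requires both to match.

```tcl
# Added example, not from the thread. Attach to the forwarding (IP) virtual server.
# Assumed (hypothetical) address-type data groups:
#   snat_sources      - internal hosts allowed to use this outbound path
#   snat_destinations - external networks those hosts need to reach
when CLIENT_ACCEPTED {
    # On the client side, IP::local_addr is the address the client is trying to reach.
    if { [class match [IP::client_addr] equals snat_sources] &&
         [class match [IP::local_addr] equals snat_destinations] } {
        # Translate the source to a self IP so replies return through the BIG-IP.
        snat automap
    } else {
        # All other connections on this virtual server are forwarded untranslated.
        snat none
    }
}
```

Keeping the source and destination lists in data groups means the set of hosts that get a translated path out can be reviewed and changed without editing the iRule.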