For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

prt1969_120570's avatar
prt1969_120570
Icon for Nimbostratus rankNimbostratus
May 17, 2017

VIP vlan and Server vlan on single trunk between F5 and L3 Switch

Ok; this may be an elementary question, but I have not been able to figure it out. I have some LTM's in an Internet DMZ that connect to a L3 cisco switch over a single L2 trunk, which carries both th...
application delivery
LTM
Jana's avatar
Jana
Icon for Altostratus rankAltostratus
May 18, 2017

Is there any reason to have vlan 10 configured on the bigip?

In this case, serverside traffic exits on vlan10 and response from server arrives on vlan20, as the VIP address is the source-ip of server-side traffic.

Since, the server's default gateway is the L3 device and server is connected to it, you can use just vlan20 between the L3 device and bigip and remove vlan10 on bigip. To connect to the server in vlan 10, the bigip will send the traffic to it's default gateway. This way serverside request and response will exit and arrive on the same vlan.

You can also use an irule like this to use the vip address as the snat ip for serverside connections.

when CLIENT_ACCEPTED {
  snat [IP::local_addr]
     }