Zayar_Win_20464
Dec 24, 2015

Web Server load balancing by F5 and ASA

Dear All,

In this case, I will load balance the two web servers. How should I do it?

My requirement is that I need to load balance to two web servers from the load balancer. I think the ASA should not do NAT in this case. The ASA only needs to pass traffic transparently. What do you think?

In this case, the two web servers are not directly connected to the load balancer. There are two networks behind the load balancer. So, which address should I assign in the load balancer? The DMZ network is 172.16.x.x and between the ASA and F5 is 192.168.x.x. Therefore I am still confused.

Thanks

Trip

3 Replies

  • Hi, it's up to you to decide if you want NAT in the ASA or not; it will work in both scenarios.

    Assuming that you have configured the suitable ASA security policies to permit the traffic:

    1. With NAT: each real server will have a NAT address configured on the ASA, your pool in F5 will contain two members pointing to the NAT addresses.
    2. Without NAT: your pool will contain two members pointing to the real server IPs. You also need to have a route to the DMZ in F5 unless your default GW is the ASA.

    Hope that helps.

     

  • Hi,

    Question (1) Option 1: If I use NAT in the ASA, do I need to use a SNAT Pool in the Virtual Server?

    Question (2): When I use Hash (Persistence Profile), do I need to enable an HTTP Profile?
    
    Thanks for your help,
    
    • Amine_Kadimi
      (1) As per your architecture (F5 is the default GW for ASA), there is no need to have SNAT because the return traffic will go through F5.
      (2) Do you mean cookie hash persistence? Yes, you need an HTTP profile. F5 recommends creating a new one and not using the default built-in one.