When configuring a Forwarding (IP) virtual server there is an option to enable the VS only on certain VLANs. Does this apply to the source traffic, the destination traffic or both?
Say I have the following topology:
-------- ------ ------- Internet | Vl10 | <--> | F5 | <--> | Vl20 | My servers -------- ------ ------- Ext Int
If I create two Forwarding (IP) VS's (restricted by src/dest IP), one for inbound traffic and one for outbound traffic, will I have to configure the VS to be Enabled on both VLAN 10 and 20 for both of them? Or will I just enable the inbound VS on VLAN 20 and only enable the outbound VS on VLAN 10?
The VLAN setting of a virtual defines the vlans that listen for incoming packets that establish a connection. Reply packets hit a vlan and are matched to an existing connection, defining the path through the LTM.
Please note, due to VLAN keying (which is a default setting), returning packets will only be matched to the connection table if they hit the egress VLAN. You can disable VLAN keying (with caveats).
Or will I just enable the inbound VS on VLAN 20 and only enable the outbound VS on VLAN 10?
This is correct.
Sorry for the late response as i just saw this posting and we have a very similar situation.
Would you not only enable the inbound VS (the traffic is coming in from the Inet) on the external vlan, which would be vlan 10, and only enable the outbound VS (coming out to the Inet) on VLAN 20?