Lync 2013/2010 External Mobility Issues
I've read through a number of others issues but havent found anything that fits my case. We deployed Lync through the latest iApp for Lync on two F5s. One is in a DMZ and the other internal. The basic topology is: External user uses lyncdiscover.company.com > NAT external address to a DMZ Reverse Proxy VIP on port 443 > Irule translates the URL and sends directly to one of the Internal FE servers on 4443. User gets back the .JSON file with the additional URLs. User sends request to onprem-webext.company.com (which is the same external address) > NATS to the same DMZ VIP > iRule translates that URL to the same pool on the DMZ F5 > Pool sends the traffic directly to one of the internal front end servers > get a few response code 200s and a response code 401. We have a cert on the DMZ F5 VIP that appears to work using external tools. I am using an iRule applied to the DMZ VIP to give me the traffic path and status codes. Internally, Lync works fine. After reading quite a bit about Lync, I am wondering if it doesnt like the server side cert and if I should just use the default server SSL profile, since internally the servers would be using internal PKI certs from our own CA. Thanks in advance. Jim
F5 with Lync 2010
Hi, Currently at a client site, helping them load balance the Lync Servers using F5 and running into some configuration issues. My setup (Image attached) is all configured but I am confused about how to configure the internal Interface of Edge Servers on F5. I mean do I use SNAT for traffic leaving the Edge Servers to the Internal Network towards Front End Servers or configure F5 to act as DG and then the F5 should forward the traffic to the Firewall. Please look at the image and suggest me on how F5 should be configured.