Thomas_Gobet_91
You can do 2 things (or more):
- Create as many virtual servers as there are Microsoft public networks (exhausting work)
- Create one virtual server with a wildcard IP (0.0.0.0/0), limited to your internal Microsoft server IP as source.
I'll detail the second point, which is the easiest way to do it.
You have to create a virtual server with these parameters:
- Type: Forwarding (IP)
- Destination: Network with Address 0.0.0.0 and Mask 0.0.0.0
- Service Port: Any, or one virtual server per port you have
- VLAN: Enabled on "Your_Internal_VLAN"
- SNAT Automap to be sure the traffic will be sent back through the F5
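
As an added example (not part of either post and not F5 code): a Python check over bigip.conf-style text that flags wildcard forwarding virtual servers missing the source, VLAN or SNAT Automap settings listed above. The sample stanzas, names and addresses are constructed, and the stanza layout is assumed to match your exported configuration.

```python
import re
# Constructed sample in bigip.conf-style stanza syntax; names and addresses are made up.
SAMPLE = """
ltm virtual /Common/vs_out_open {
    destination /Common/0.0.0.0:0
    ip-forward
}
ltm virtual /Common/vs_out_scoped {
    destination /Common/0.0.0.0:0
    ip-forward
    source 10.1.1.10/32
    source-address-translation {
        type automap
    }
    vlans {
        /Common/Your_Internal_VLAN
    }
    vlans-enabled
}
"""

def virtual_servers(conf):
    """Yield (name, body_lines) per top-level 'ltm virtual' stanza, tracking brace depth."""
    name, depth, body = None, 0, []
    for line in conf.splitlines():
        if depth == 0:
            m = re.match(r"ltm virtual (\S+) \{", line)
            if m:
                name, depth, body = m.group(1), 1, []
            continue
        depth += line.count("{") - line.count("}")
        if depth == 0:
            yield name, body
        else:
            body.append(line.strip())

def audit(conf):
    """Map each wildcard forwarding virtual server to its list of findings."""
    report = {}
    for name, body in virtual_servers(conf):
        field = lambda key, default: next((l.split()[1] for l in body if l.startswith(key + " ")), default)
        if "ip-forward" not in body or not field("destination", "").rsplit("/", 1)[-1].startswith("0.0.0.0"):
            continue  # only the wildcard forwarding case from the post
        report[name] = [msg for failed, msg in (
            (field("source", "0.0.0.0/0") == "0.0.0.0/0", "any source may forward through it"),
            ("vlans-enabled" not in body, "not limited to an internal VLAN"),
            ("type automap" not in body, "no SNAT automap for return traffic"),
        ) if failed]
    return report
```

Calling `audit(SAMPLE)` returns an empty finding list for the scoped stanza and all three findings for the open one.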
Night_67217
Dec 02, 2013
Historic F5 Account
Well, you could enable SNAT only if connections come from a specific source IP / or go to a specific destination (via an iRule), leaving your current applications unaffected.
Also, I assume your backend servers have private IP addresses, so if you don't do a SNAT on the LTM (which would have routable addresses) or NAT on another device, I don't see how traffic would ever come back to these hosts. (sorry if my assumption is not correct)