F5 pass-through ldaps request

We have two LDAP servers and want to put them behind F5, but in pass-through mode, without configuring an SSL cert or offload etc. We just want requests to be load-balanced between the two servers when they come in, but how does that work in automap?

what do you mean with: how does that work in automap?

setting source address translation to automap means it will use the outgoing interface IP as source IP for the connection from the BIG-IP to the pool members. it won't change content or such, just source IP.

if you don't want that you will have to make sure the pool members have a route back through the BIG-IP, for example by setting their default gateway to the BIG-IP.

Comments on this Answer
Comment made 12-Aug-2017 by satish.txt 311

We have many pools using automap and everything works fine. My concern was: if I configure a VS with automap (or a SNAT pool), will pass-through create any issue?

How do I configure a pass-through virtual server so my LDAPS (636) traffic goes directly to the pool member's port 636 (we don't want SSL offloading)? Is there any setting in F5 to tell it to do pass-through?

Comment made 13-Aug-2017 by boneyard 5395

it does pass through if you don't attach any profile that causes it to behave differently.

so just keep it simple and it should work.

Comment made 13-Aug-2017 by satish.txt 311

What profile?

Do you mean the LDAP Client and LDAP Server profiles in the VS? Could you explain in detail?

Somewhere I read that using Type "Performance (Layer 4)" will do pass-through. Is that true?

Comment made 13-Aug-2017 by boneyard 5395

i mean any profile. a profile inspects traffic and is able to change it, which can cause something other than pass through (this isn't an F5 term, but i see it as as few changes as possible).

so if you don't use any higher level profiles then it is pass through.

a standard virtual server without higher level profiles will do pass through, a performance l4 will do so also.

Comment made 14-Aug-2017 by satish.txt 311

I have configured a layer 4 VS and it seems to be working for LDAP (389), but I'm having an issue with Kerberos (88): because we are using automap, the IP gets changed, and Kerberos does not like this. It seems to be a principal issue. Has anyone played with Kerberos with F5?

Comment made 14-Aug-2017 by boneyard 5395

you're probably better off starting a new question about that.

also search a little first, there was a recent question about this.