We have two LDAP servers and want to put them behind F5 but in pass-through mode without configuring SSL Cert or offload etc. we just want when request comes it load-balance between two servers but how does that work in automap ?
what do you mean with: how does that work in automap?
how does that work in automap?
setting source address translation to automap means it will use the outgoing interface IP as source IP for the connection from the BIG-IP to the pool members. it won't change content or such, just source IP.
if you don't want that you will have to make sure the pool members have a route back through the BIG-IP, for example by setting their default gateway to the BIG-IP.
We have many pool using automap and everything works fine my concern was if i configure VS with automap or (SNAT pool) does pass-through will create any issue?
How do i configure pass-through Virtual Server so my LDAPS (636) traffic direct go to pool member 636 port (we don't want SSL offloading), is there any setting in F5 to tell do pass-through?
it does pass through if you don't attach any profile that cause it to behave differently.
so just keep it simple and it should work.
what profile ?
Do you mean LDAP Client and LDAP Server profile in VS? Could you explain in details?
somewhere i read using Type "Performance (Layer 4)" will do pass-through, is that true?
i mean any profile. a profile inspects traffic and is able to change it, that can cause something else then pass through (this isn't a F5 term, but i see it as as little changes as possible).
so if you don't use any higher level profiles then it is pass through.
a standard virtual server without higher level profiles will do pass through, a performance l4 will do so also.
I have configured layer 4 VS and seems working for ldap (389) but having issue kerbrose (88) because we are using automap so ip getting change and kerbrose does not like this. It seem principle issue. Did anyone play with kerbrose with F5?
you can probably better start a new question about that.
also search a little first, there was a recent question about this.