wixxyl_98682
Jul 31, 2012 (Nimbostratus)
Do I need iRule and SNAT?
I'm very new to the F5s and the iRules especially. The iRules seem to be a very powerful tool; I'm amazed at what I'm finding out about using them. I'm a tad confused on how I can use them in my environment.

What I'm trying to accomplish is to establish two external VLANs (828, 829) to connect up with a Juniper firewall serving as the gateway for the subnets. The 828 will be a public-facing internet connection for users connecting to a server farm located behind the firewall. The 829 VLAN is almost a mirror, but is set up for users located behind the firewall. These VLANs will terminate at the F5 and then traverse onto the 810 VLAN. The F5 should appear as a host to the other servers and they should pass traffic back to the F5 in a round-robin fashion. The F5 will be doing SSL offloading to alleviate some of the pressure on the servers.

My question is: will the F5 require a SNAT to do that, or could I use an iRule in the place of the SNAT? I've got the F5 in place between the server farm and the firewall, all is pingable, all VLANs are working, I just can't get it to translate the traffic. I know this will be a very simple question for someone with experience to figure out; I just don't have the knowledge yet to get it working.

I'm also going to post an iRule I was thinking might work, if anybody could point out what's wrong with it. I haven't implemented it yet, so I'm not sure if it will work or not.
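when CLIENT_ACCEPTED {
    # Choose the pool from the local (destination) address the client connected to.
    # IP::addr does the subnet comparison; matchclass is only for data group lookups.
    if { [IP::addr [IP::local_addr] equals 172.17.139.0/24] } {
        pool Banner_INB_Pool
    } elseif { [IP::addr [IP::local_addr] equals 128.192.225.0/24] } {
        pool Banner_SSB_Pool
    }
}
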
Thanks for looking over this post, I'm sort of in a bind to get this working and going, which is difficult without detailed training. If anyone has any suggestions, I would be veeeeeeeery grateful.
Thank you,
John