Replacing Microsoft TMG with F5 for Exchange 2010
All, I'm looking for best practice on replacing my TMG with a pair of F5s with LTM. Currently the TMG has two listeners in our DMZ, which is then NAT'ed out to the public via our Cisco ASA for both Client Access and Hub Transport. The TMG provides both internal and external listeners for users to connect. The problem I'm having is I know TMG performs as a firewall whereas my F5 will not. Are there any concerns with connecting the F5 to both my LAN and DMZ? Is it normal to provide a VIP for LAN side clients and a VIP in the DMZ that will then be NAT'ed to a public IP via the Cisco FW?
E.g. (Current) Client Access Server 1 & 2 192.168.1.10 & 192.168.1.11 => TMG Listener Ext. 192.168.5.10 (DMZ) => Cisco ASA NAT 5.4.3.2 (Public IP)
Client Access Server 1 & 2 192.168.1.10 & 192.168.1.11 => TMG Listener Int. 192.168.1.15 (LAN)
So would I connect one interface of the F5 to the LAN side and assign appropriate VLANs, and another interface to the DMZ?
I'm using iApps for configuring CAS with template version CAS.v1.2.0.
For SMTP, I'm referencing this article: http://clintboessen.blogspot.com/2011/11/load-balance-smtp-with-f5-big-ip.html
If you all have a more sound solution please let me know.
Any help greatly appreciated.
Thanks.