Forum Discussion

Rene_125890
Jul 25, 2014

Establish communication from the nodes of a pool to the LAN

I have the following topology: There is an F5 BigIP LTM and behind it there are 2 Bluecoat Proxies. These BC are pool members of a pool. I created a VS, I used the performance (layer 4) profile, I associated the pool that I created with the BC as pool members with the VS, and finally I left the port as 0. I noticed that BC proxies need communication with AD Servers to authenticate users.

How can I establish this communication from the BC to the AD on the other side of the F5?


Thanks in advance.

 

6 Replies

  • You can create another virtual server that listens on the VLAN of the BC's, is a 0.0.0.0/0 destination, and has a pool member of the upstream router from the F5. This will essentially make the BIG-IP act as a router for your BC's back into your network.

     

    I would probably do some more intelligent load balancing with your BC's as well instead of having a destination port of 0. You've probably done this to simplify configuration to allow for multiple protocols to be load balanced, but you are missing out on intelligent features like CARP as an example.

     

    • Rene_125890
      Thank you very much for your reply. I'll take your advice into account. I'm gonna check it configuring the BC's VS.
    • Rene_125890
      Hello. I created the VS but it didn't work. There's an issue that I have to mention. The segment assigned to the BC's Proxies is not routed in the LAN. I tried using an SNAT so the request went to the AD from the F5 IP Address, but it didn't work either. I used a NAT instead and finally I had the connection between the BC Proxy and the AD via a BCAAA Server.