avnishvyas_1974
Feb 20, 2017

Configuring APM for Kerberos authentication but my Big-IP is on a stick

Hello guys, I have a slight challenge given the design I have been given to use for our F5 solution. The solution is made up of GTMs, LTMs and APMs. My main focus is on the LTM/APM use. The catch with this is that the nodes that make up the pool members are on the other side of the DMZ north-facing front-end firewall. The VLAN I have to build the VIPs in is a /25 network, from which I can choose a VIP IP for different services. I have also been given a SNAT pool network, which is also a /25. For every VIP I create, it needs to hide behind the SNAT pool address. I'm slightly confused as to how this is going to work, and also how the APM is used in this solution.

 

1 Reply

  • As you mentioned, the virtual servers will have to have SNAT, so that the traffic from the servers returns to the F5.

    For APM, it all depends on your network configuration. As the traffic is generated from the F5, SNAT does not apply here. Anyway, you should have a self IP in the network you want to use as the source, and make sure the correct routes exist to force the use of that self IP.