NimbostratusHi guys,
We've got some back-end servers (172.16.19.40, 172.16.19.41 and 172.16.19.42) in our DMZ, residing in a non-routable network. We'd like to be able to manage them via SSH from these networks: 192.168.116.0/24 and 172.18.7.0/24.
Could someone recommend a NAT/PAT way we could achieve this on our LTMs please?
Regards, L
NimbostratusIf I understand this correctly, you would need to create a self-IP on the same network as those servers, then just use a set of 1:1 regular VIPs with SNAT Automap enabled.
A forwarding VIP would also be possible if 172.16.19.x network is pointed to the F5.
NimbostratusHi J,
I appreciate your approach. Considering we have 3 x back-end servers, that would have meant 3 x VIPs.
We wanted to minimize the number of new VIPs created, hence went for the following approach -
Created 1x VIP with an IP part of the internal routable VLAN, listening on all ports, with pool associated, with an iRule bound to it, switching/translating incoming custom port front-end connections (2240, 2241, 2242) to their relevant back-end nodes 172.16.19.40, 172.16.19.41 and 172.161.9.42 over port 22.
Your support is appreciated!
Regards.