Forum Discussion
Brad_Parker
Nov 02, 2015, Cirrus
Yes, if you don't have a wildcard listener, the traffic will not route through the LTM without going through a VIP.
- Steven_J__Willi (Nov 02, 2015, Nimbostratus): Where can I find info on this?
- Brad_Parker (Nov 02, 2015, Cirrus): It's kinda just how LTM works. It's a default deny device and will not pass traffic unless there is a configured listener. A listener is a virtual address which usually has a configured virtual server. A self-IP itself will not forward packets without these listeners.
- Steven_J__Willi (Nov 02, 2015, Nimbostratus): Well, I have a VIP created on the same subnet as the nodes. I assume it's a network as the unit is one-armed, and not inline, so the servers don't sit behind the F5 per se.
- Brad_Parker (Nov 02, 2015, Cirrus): Then the F5 cannot prevent the traffic in one-armed mode as it is not the gateway to the network.
- Steven_J__Willi (Nov 02, 2015, Nimbostratus): I was afraid of that. So could I redesign this to make the F5 the default gateway for the servers rather than the ASA firewall in the DMZ like it is now? But then it would be inline, correct? The switch would connect to the F5, then the F5 would connect to the ASA. So this would require the internal network and external network. Why would anyone want to do a one-arm deployment? Seems limited?