Forum Discussion
Jason_40733, Sep 10, 2013, Cirrocumulus
Not clear what issues you are having. We do have a two-stage application with MS Single Sign On using our F5s to load balance. We use SNAT on both VIPs.
Setup: Proxy VIP facing the internet. It SNATs to two proxy servers. The proxy servers refer to a Federated server VIP. That Federated VIP then SNATs to two Federated servers. The reply flows back with a SNAT at each level and back to the original client. Our Proxy and Federated servers are in the same subnet.
Internet -> "Proxy VIP" -> (SNAT) "PROXY server" -> "Federated VIP" -> (SNAT) "Federated server"
It has been running and stable for us for over a year with a couple thousand users and about 8 external partner applications.
- satish_81675, Sep 10, 2013, Nimbostratus: Thank you for the reply. We don't SNAT the traffic in the DMZ and wanted to see if that is the only other way.
- Jason_40733, Sep 10, 2013, Cirrocumulus: So if I have this correctly... both of your VIPs are on 10.10.10.x and all four of your pool members are on 10.10.11.x. If you have a loopback IP address of your VIP2 on your Pool2 members, they should respond to the Pool1 members directly with the IP of VIP2. You would probably also want a loopback address of your VIP1 on your Pool1 members. Not sure if that would work for you or not, but it might be worth a try.
- satish_81675, Sep 10, 2013, Nimbostratus: Also, the F5 is the default gateway for all the pool members. How do I set up the loopback IP address? Sorry, can you please explain...
- Jason_40733, Sep 10, 2013, Cirrocumulus: Setting the loopback address up will depend on your individual OS and version. You'd need to check Google or with the sysadmin on that.