Forum Discussion
Jason_40733
Cirrocumulus
Not clear what issues you are having. We do have a two stage application with MS Single Sign On using our F5's to load balance. We use SNAT on both VIPs.
Setup: Proxy VIP facing the internet. It SNATs to two proxy servers. The proxy servers refer to a Federated server VIP. That Federated VIP then SNATs to two Federated servers. The reply flows back with a SNAT at each level and back to the original client. Our Proxy and Federated servers are in the same subnet.
Internet -> "Proxy VIP" ->(SNAT) "PROXY server" -> "Federated VIP" -> (SNAT) "Federated server"
It has been running and stable for us for over a year with a couple thousand users and about 8 external partner applications.
satish_81675
Sep 10, 2013Nimbostratus
thank you for the reply, we dont snat the Trafic in the DMZ and wanted to see if that is the only other way.