Forum Discussion
Jason_40733
Cirrocumulus
Not clear what issues you are having. We do have a two-stage application with MS Single Sign On using our F5s to load balance. We use SNAT on both VIPs.
Setup: Proxy VIP facing the internet. It SNATs to two proxy servers. The proxy servers refer to a Federated server VIP. That Federated VIP then SNATs to two Federated servers. The reply flows back with a SNAT at each level and back to the original client. Our Proxy and Federated servers are in the same subnet.
Internet -> "Proxy VIP" -> (SNAT) "PROXY server" -> "Federated VIP" -> (SNAT) "Federated server"
It has been running and stable for us for over a year with a couple thousand users and about 8 external partner applications.
Jason_40733
Sep 10, 2013
Cirrocumulus
So if I have this correctly... both of your VIPs are on 10.10.10.x and all four of your pool members are on 10.10.11.x.
If you have a loopback IP address of your VIP2 on your Pool2 members, they should respond to the Pool1 members directly with the IP of VIP2.
You would probably also want a loopback address of your VIP1 on your Pool1 members. Not sure if that would work for you or not, but it might be worth a try.