Asymmetric Routing Issue

Hi,

 

 

Below is my network topology.

 

 

Internet

 

|

 

Ext FW

 

|

 

F5

 

|

 

L2 Switch -- Web Servers & DC

 

|

 

Int FW

 

|

 

Backend Server(Database)

 

 

 

I am a newbie with F5 LTM and I am having issue when the Backend Server try to join domain to the DC in the DMZ zone. All my Web Servers and DC have their default gateway pointing to my F5.

 

 

After some troubleshooting, I discover that when the Backend Server need to contact the DC, it will go to the Ext FW and reach the DC. But when the DC replies, it will need to go to my F5(default gateway) then to the Ext FW and reach the Backend Server. WIth this setup, the Backend Server is able to ping the DC but not able to join domain.

 

 

The workaround I have is to have the WebServer and DC have a route add statement to set the EXT FW as the gateway for traffic going to Backend Server. After adding the route add in my Web/DC servers, the Backend Servers is able to join the domain.

 

 

May I know if there is any design issue with the about setup or anything that I need to configure in my F5 so that I do not need to put in the route add statment in my Web/DC servers.

 

 

Thanks in advance for the advice!

 

 

Regards,

 

Jason Tan