Forum Discussion

fatih_bilger_29
Jan 10, 2012

LTM + ASM on separate boxes

Hi to all,

I am trying to deploy LTM and ASM on separate 1600 boxes. I followed the guidelines of F5's deployment guide ("Deploying the BIG-IP Local Traffic Manager with Multiple BIG-IP Application Security Managers"). I configured one exterior VS and one interior VS on LTM. I also configured a VS on the ASM box. On the LTM side SNAT automap is in use and I am getting original client IPs through XFF.

I have a couple of issues with this configuration. Firstly, I can see the original client IPs in the ASM request logs, but when the traffic goes back to the LTM interior VS and then to the IIS servers, the client IPs disappear and I can see only the SNAT IP as the requester.

Secondly, I am using cookie persistence but all the requests are going to one pool member on LTM.

Are there any suggestions about this topology? Any ideas or recommendations about this scenario will be appreciated.

Thanks,

Fatih

1 Reply

  • "when the traffic goes back to LTM interior VS and then to the IIS servers, client IPs are disappearing and I can see only the SNAT IP as requester."

    Where did you see the client IP? Was it the X-Forwarded-For header?

    sol4816: Using the X-Forwarded-For HTTP header to preserve the original client IP address for traffic translated by a SNAT

    http://support.f5.com/kb/en-us/solutions/public/4000/800/sol4816.html

    "Secondly, I am using cookie persistence but all the requests are going to the one pool member on LTM."

    It is on the interior virtual server, isn't it? Have you tried to access the interior virtual directly (skipping the exterior and ASM)?
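
Added example, not part of the thread or of F5's documentation: how a server behind the exterior VS, ASM and interior VS can recover the client address from X-Forwarded-For while its TCP peer is always the last SNAT address. The addresses and function names are constructed, and it assumes each hop appends the peer address it saw to the header.

```python
import ipaddress

# Constructed addresses standing in for the hops in the thread's topology.
# None of these values come from the posts; substitute your own self IPs.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in (
    "10.0.1.0/24",  # assumed SNAT automap range of the LTM exterior VS
    "10.0.2.0/24",  # assumed self IPs of the ASM box
    "10.0.3.0/24",  # assumed SNAT automap range of the LTM interior VS
)]


def is_trusted(addr):
    """True if addr belongs to one of our own proxy hops."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_values):
    """Pick the address to log as the client.

    peer_addr  -- TCP source address the web server sees (the SNAT IP)
    xff_values -- every X-Forwarded-For header value, in the order received
    """
    if not is_trusted(peer_addr):
        # The connection did not come through our proxies, so any
        # X-Forwarded-For header was written by the sender: ignore it.
        return peer_addr

    hops = []
    for value in xff_values:
        hops.extend(h.strip() for h in value.split(",") if h.strip())

    # Walk from the hop nearest the server towards the client. Entries
    # appended by our own proxies are skipped; the first address that is
    # not ours is the client as seen by the exterior VS. Anything further
    # left was supplied by the client and is not used.
    for hop in reversed(hops):
        try:
            if not is_trusted(hop):
                return hop
        except ValueError:
            break  # malformed entry: stop and fall back to the peer address
    # No usable header (for example, insertion is off on one hop): only
    # the SNAT address is available, which is the symptom in the thread.
    return peer_addr
```

If the interior VS does not pass the header on, the last case applies and the server can only log the SNAT IP.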