Default gateway other than F5
With SNAT AutoMap disabled and using route domains, is it possible to have a default gateway on common load balanced servers/nodes behind the F5 as something other than that of the F5 floating IP address -? The DG is a HSRP address from the router.
Is anyone able to also give me a better understanding of the traffic flows to understand how this solution would work?
Here’s an example:
===internet=== ===private network===
=Firewall with NAT= =Firewall with 1:1 NAT Cust:Internal =
| |
VLAN 10 VLAN 20
| |
------------ F5 LTM Partition 1------------------- -------- F5 LTM Partition 2---------------------------
- VS 192.168.10.1%1 - - VS 192.168.20.1%2 -
- Self/Outside A 192.168.10.11%1 - - Self/Outside A 192.168.20.11%2 -
- Self/Outside B 192.168.10.12%1 - - Self/Outside B 192.168.20.12%2 -
- Floating/Outside 1 192.168.10.10%1 - - Floating/Outside 2 192.168.20.10%2 -
- node 1 192.168.30.50%1 - - node 1 192.168.30.50%2 -
- node 2 192.168.30.51%1 - - node 2 192.168.30.51%2 -
- Self/Inside 1 192.168.30.10%1/MAC A - - Self/Inside 3 192.168.30.13%2/MAC D -
- Self/Inside 2 192.168.30.11%1/MAC B - - Self/Inside 4 192.168.30.14%2/MAC E -
- Floating/Inside 1 192.168.10.12%1/MAC C - - Floating/Inside 2 192.168.30.15%2/MAC F -
-------------------------------------------------------------- --------------------------------------------------------------
| |
---------------------------------------------------
|
VLAN 30
|
==Server 1 (192.168.30.50)== ==Server 2 (192.168.30.51)==
==DG 192.168.30.254== ==DG 192.168.30.254==
| |
---------------------------------------------------
HSRP 192.168.30.254
Routes:
Anything to ‘private network’ route via 192.168.30.15
Anything to ‘internet network’ route via 192.168.30.12
This example may somewhat defeat the purpose of route domains, but we are using them in this particular solution for customers in a multi tenanted environment accessing services from two unique paths, which we are trying to secure as an audit requirement (separation of internet and private traffic).