Forum Discussion

gnomemade_16346
Jun 02, 2016

LTM in front of HSM

We have some Safenet Luna HSMs that require the connecting host to be in an ACL on the HSM. It doesn't use HTTP or a common protocol. The problem we're running into is that the ACL only holds 16 IP addresses. Fine for prod, but not good for dev and QA.


When I asked Safenet about supporting a load balancer, their support responded with "unless the Load balancer encapsulate the data packets and make HSM to believe that request is only for a single host in the list of IPs, after receiving reply from HSM load balancer would distribute to designated host".


I'm a newbie on the LTM outside of setting up virtual servers to front web server pools so I'm asking for help. Would this be NAT'ing the request? Can anyone give me some pointers on how to set this up on an LTM, if it's even possible?


1 Reply

  • You can use SNAT (automap or snatpool). However, each SNAT IP will provide you with 65K connections. Even if you use all the SNAT IPs in the ACL (16 in total) on the HSM, you will have a theoretical limit of 16*65K (1,040K) connections, if my understanding is right. You will hit limits as far as scale is concerned.


    sol7820: Overview of SNAT features
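As an added illustration of the SNAT approach described in the reply above (this is not configuration from the original thread, from F5 or from Safenet), the following tmsh commands build a plain TCP virtual server that fronts the HSM and rewrites every client's source address to one of a small, fixed set of SNAT addresses. The HSM then only ever sees those SNAT addresses, so only they (at most 16) need to be in its ACL, while the dev and QA hosts behind the LTM can be any number. The HSM address 192.0.2.10, the virtual server address 10.0.0.100, the SNAT addresses 10.0.0.11 and 10.0.0.12, the object names and the port 1792 are all placeholder assumptions for the example; substitute the values for your own environment.

```tmsh
# Pool containing the HSM. The port is a placeholder; use the port your
# Luna client actually connects to.
create ltm pool hsm_pool members add { 192.0.2.10:1792 }

# SNAT pool: these are the only source addresses the HSM will ever see,
# so these (and only these) go into the HSM's 16-entry ACL. Each address
# is a separate translation, so adding addresses here raises the
# ephemeral-port ceiling the reply above describes (roughly 65K per address).
create ltm snatpool hsm_snatpool members add { 10.0.0.11 10.0.0.12 }

# Layer-4 virtual server: no HTTP profile, since the HSM protocol is not
# HTTP. fastL4 passes the TCP stream through untouched apart from the
# address/port translation. Clients point their Luna client config at
# 10.0.0.100 instead of the HSM directly.
create ltm virtual vs_hsm destination 10.0.0.100:1792 ip-protocol tcp profiles add { fastL4 } pool hsm_pool source-address-translation { type snat pool hsm_snatpool }

# Verify the objects were created as intended.
list ltm virtual vs_hsm
list ltm snatpool hsm_snatpool

# Alternative for a single-address lab setup: automap uses the LTM's
# own self IP on the HSM-facing VLAN as the SNAT address instead of a pool.
# modify ltm virtual vs_hsm source-address-translation { type automap }
```

A point worth checking before relying on this: the HSM ACL only sees the SNAT addresses, so any per-host access control the HSM was providing collapses to "anything that can reach the virtual server". If dev and QA hosts must be kept apart from one another, that restriction now has to be enforced on the LTM side (for example by restricting which source networks may reach vs_hsm) rather than by the HSM's ACL.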