Cisco CSS to F5

Question

We are currently migrating our Cisco CSS devices to a pair of F5 LTM's. The question I have is regards to the CSS Groups and SSL-Proxy List. I am not sure what they translate to on the F5 side. Would the CSS Groups convert to SNAT Pools or would they just become Virtual Servers? Any help would great.

cory_50405 · Answer

Yes, CSS groups correspond to SNAT pools. SSL proxy list doesn't have a direct translation, but you'd enable SSL proxy on the virtual server by importing the certificate/key pair and then creating client and server SSL profiles using this cert/key pair. Then apply the SSL profiles to the virtual server.

cory_50405 · Answer

I should add that the BIG-IP also has an "SNAT automap" feature which will automatically select a SNAT if no pool is specified.  Depending on your environment, this may work rather than setting up multiple SNAT pools.

m__craft · Answer

Thanks Cory&nbsp;

Forum Discussion

Cisco CSS to F5

3 Replies

Recent Discussions

F5 terminal - help to run commands - disk space full

vulnerabilities-CVE-2020-16150 & CVE-2013-0169

google autenticator broken barcode

Error while running ansible

ASM instance creation

Related Content

Cisco CSS to F5 BIG-IP

Cisco ACI Endpoint Learning with a BIG-IP HA Failover

Deploying F5 Distributed Cloud (XC) Services in Cisco ACI - Layer Three Attached Deployment

Deploying F5 Distributed Cloud (XC) Services in Cisco ACI - Layer Two Attached Deployment

Integrating SSL Orchestrator with Cisco WSA Virtual Edition