[c-nsp] F5 BIG IP and FWSM

Gregori Parker Gregori.Parker at theplatform.com
Thu Sep 11 14:28:40 EDT 2008


That looks backwards...why not have the DG for internal hosts be the
BigIP, and DG the BigIP to the inside of the FWSM?

The BigIP does a good job of performing NAT, and doesn't need to be
directly connected to the nodes in its pools...in fact, I would highly
recommend against connecting nodes directly to the BigIP - you should
utilize a core switch block for that and default route to a floating
internal ip on the BigIP, from there, upstream to the FWSM and let it
handle security out front.


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Vikas Sharma
Sent: Thursday, September 11, 2008 11:08 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] F5 BIG IP and FWSM

Hi,

Did any one have worked on F5 BIG IP and FWSM? If yes please help me. As
this point I wanted to know BIG IP and how it should be conected to
fwsm,
specially in routed mode.

My understanding -

6509 (MSFC) --> outside interface of LB --> Inside interface of LB ->
FWSM
context (multiple context)

How bigip will be able to do loadbalancing, when it is not directly
connected to servers. All servers d/g is fwsm context.

Regards,
Vikas Sharma
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list