Lync 2013 Edge Server Interfaces same F5 pair
We are having a problem with the iApp for Lync. We are using Lync 2013 and having problems with mobile clients connecting from internally. They of course use the reverse proxy to do this, but I am wondering if they also might use some edge services. Here is my design question. Is it possible to use an F5 pair to host both the External and Internal edge interface. Because of our security requirements our Edge servers cannot sit on our internal VLANs where our FE servers are so the Edge Servers sit in two DMZ VLANs. The Red VLAN faces the internet and has our three IPs with the default GW pointing to the BIG IP External EDGE Interface and the Yellow VLAN has no internet access, but has rules to allow connections to the FE pool. Both of those VLANs are served by the same F5 pair, so in the iApp I put the External and Internal interface on the same F5 pair, with our internal F5 pair holding the internal Rverse Proxy role and other roles.
Could this be causing the issue with mobile clients? I am wondering if the design is not valid.
It's possible to deploy all Lync services on one layer of LTM, so this should work if you have your routing correct. Internal clients and FE servers need to be able to route directly to your internal Edge VIPs and the internal interfaces of your Edge servers. The Edge external and internal interfaces must not be able to route to each other.
That said, I think Mobility clients only use HTTP, with all the SIP traffic taking place server-to-server on the back end.
You were having problems with the reverse proxy yesterday, did those get resolved?
thanks
Mike