Hi Mickael,
Thank you for your answer.
I'm sorry that my question is not very clear.
To avoid installing the root certificate from the PKI on computers that are not in the Active Directory domain, I wanted to use the BIG IP as a SIP proxy on the internal network and use a public certificate.
I could redirect the connections to the external network through the Lync Edge, but it is difficult to redirect only the computers that are not in the Active Directory domain and keep the others on the internal network.
If I understand your answer:
If I use BIG IP to distribute SIP connections and therefore do not use the Round Robin DNS function, it means that BIG IP balances and redirects connections to the Lync Front End?
So the SIP / TLS / SRTP traffic is established directly between the client and the Lync Front End? In this case I cannot use a public certificate because the Front End and Pool FQDN are private (internal.ad) and not public.
Thanks for your help
Gérald