We are currently using the UAG in cascade mode for our VMware AirWatch per-App VPN Tunnel setup.
We have 2 frontend and 2 backend UAGs.
As per the official documentation:
"The Per-App Tunnel component requires authentication of each client after a connection is established. Once connected, a session is created for the client and stored in memory. The same session is then used for each piece of client data so the data can be encrypted and decrypted using the same key. When designing a load balancing solution, the load balancer must be configured with IP/session-based persistence enabled. An alternative solution might be to use DNS round robin on the client side, which means the client can select a different server for each connection."
We would like to know if the following config is supported on our F5 infrastructure:
We have a VIP between the front and backend UAGs (with session persistence), but instead of this we would like to create crossed VIPs without persistence, for example:
UAGfront1 => vip1 (back1 active - back2 slave)
UAGfront2 => vip2 (back1 slave - back2 active)
In this type of config, we can do both load balancing and high availability while ensuring that a client that hits the UAG front end is always dealt with by the same UAG back end.