Is it possible to have the CSS respond with an A record IP address that isn't configured as a VIP?
I.E. If an end user is looking up a DNS name for www.mysite.com which is Globally load balanced with my CSS and I want to return the public address as apposed to the internal private address of the VIP, can I do this?
dns-record a www.mysite.com 220.127.116.11
# this is the public IP address that is translated by an external firewall to 10.1.1.1 for internal comms
vip address 10.1.1.1
url "/*" eql cacheable
add service mysebserver
yes, this is possible.
Just be aware that if you have internal hosts trying to get a dns answer from the CSS they will also get the public ip.
There is no way to distinguished between internal and external host.
Normally, you should only answer with the private ip and the firewall uses dns fixup to translate the ip inside the dns response.
With a GSS, it is possible to use a src ip access-list so the dns response can be different depending on the ip of the requester.