Forum Discussion
dennypayne
Feb 15, 2008 Employee
There is no requirement to be directly connected to the LTM. As long as the routing works such that the client can make a connection to the virtual server on the LTM, and the LTM can distribute those connections to the VM IIS servers, it will work fine.
One caveat:
The main thing people are unaware of is that by default the LTM will preserve the client's source IP address when it hands the connection to the IIS server. If the LTM is not the IIS server's default gateway, the return traffic will bypass the LTM and the client will drop it. If you cannot make LTM the def gw, then you need to enable SNAT (typically SNAT automap) on that virtual server. Then, the LTM will change the source address of the client to its own IP, so that when the IIS server tries to send a response, it will send it to the LTM first, not directly to the client.
The only downside to SNAT is that you lose visibility in your server logs to the real client IP address. You can insert an X-Forwarded-For header in the http profile on the vip, and there is an ISAPI filter here on DevCentral that you can install on IIS to enable it to log the XFF as the client address. (For non-IIS servers there are other ways to capture the XFF header).
Hope this helps,
Denny
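Added example, not part of the original post and not F5's or DevCentral's code: a sketch of the server-side logic for choosing which address to log once SNAT hides the client, accepting X-Forwarded-For only when the connection's peer is the load balancer. The proxy addresses, the function names and the assumption that the load balancer's value is the last one in the header chain are all hypothetical.

```python
import ipaddress

# Assumed (constructed) addresses standing in for the LTM self-IPs used by SNAT.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32"),
                   ipaddress.ip_network("10.0.0.6/32")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def _parse(value):
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def real_client_ip(peer_ip, xff_headers):
    """Return the address to record as the client in the server log.

    peer_ip: source address of the TCP connection as the web server sees it.
    xff_headers: every X-Forwarded-For header value on the request, in order.
    """
    peer = _parse(peer_ip)
    if peer is None:
        raise ValueError("bad peer address: %r" % peer_ip)
    # A request that did not arrive from the load balancer gets no trust:
    # whatever X-Forwarded-For it carries was written by the sender.
    if not _is_trusted(peer):
        return str(peer)
    # Flatten repeated headers and comma-separated lists into one hop chain.
    hops = [h for value in xff_headers for h in value.split(",") if h.strip()]
    # Walk from the hop nearest the server, skipping known proxies; the first
    # other address is the client. Values further left may be client-supplied.
    for hop in reversed(hops):
        addr = _parse(hop)
        if addr is None:
            break  # malformed entry: stop instead of trusting what precedes it
        if not _is_trusted(addr):
            return str(addr)
    return str(peer)
```

With the constructed addresses above, a request from `10.0.0.5` carrying the headers `1.2.3.4` and then `203.0.113.9` is logged as `203.0.113.9`, while the same headers on a connection from any other peer are ignored.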