Forum Discussion
dennypayne
Nov 20, 2008 · Employee
You will have to SNAT if you do this. Since the external host doesn't use LTM as its default gateway, if you don't SNAT (meaning LTM preserves the client's source IP), the connection will make it to the external server but then be sent directly back to the client. The client will drop the packet because it made a connection to the virtual server, not the external host. By using SNAT you ensure that the external host sends the connection back to LTM before it goes back to the client.
The caveat with using SNAT is that you lose visibility to the original client's source IP in your server logs unless you add an X-Forwarded-For header or some other custom method of logging the original client IP. Some people care about this and some don't.
Denny
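
Added example, not part of the original post: a server-side sketch of recovering the original client IP for logging once SNAT hides it, accepting X-Forwarded-For only when the TCP peer is the LTM's SNAT address, since any client can send that header itself. The SNAT address, the sample requests and the function name are constructed assumptions, and it assumes the LTM's value is the last entry in the header.

```python
import ipaddress

# Assumption: the address(es) the LTM SNATs to (documentation range, constructed).
TRUSTED_SNAT = [ipaddress.ip_network("192.0.2.10/32")]


def _trusted(addr, trusted):
    return any(addr in net for net in trusted)


def original_client_ip(peer_ip, xff_header, trusted=TRUSTED_SNAT):
    """Return the address to write to the server log.

    peer_ip    -- source IP of the TCP connection as the server sees it
    xff_header -- combined X-Forwarded-For value, or None if absent
    """
    peer = ipaddress.ip_address(peer_ip)
    # A connection that did not come from the SNAT address bypassed the LTM,
    # so whatever X-Forwarded-For it carries was written by the sender.
    if not _trusted(peer, trusted) or not xff_header:
        return str(peer)
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    # Walk right to left: the rightmost value is the one added by the proxy,
    # anything further left may have been supplied by the client.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)  # malformed entry: fall back to the peer address
        if not _trusted(addr, trusted):
            return str(addr)
    return str(peer)


# Constructed sample requests: (peer address, X-Forwarded-For value)
SAMPLES = [
    ("192.0.2.10", "203.0.113.7"),            # normal request through the LTM
    ("192.0.2.10", "10.1.1.1, 203.0.113.7"),  # client pre-set its own value
    ("198.51.100.23", "10.0.0.1"),            # direct hit, header not trusted
    ("192.0.2.10", None),                     # header insertion not enabled
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(f"peer={peer} xff={xff!r} -> log {original_client_ip(peer, xff)}")
```
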