Forum Discussion
Ryan_Korock_46
Historic F5 Account
Richard.... one solution would be to point the default gateway of the Edge servers to the BIG-IP Self-IP, and the default gateway of the BIG-IP to the firewall. This will route connections that are being load balanced by the BIG-IP correctly without having to SNAT anything.
You will also have to deal with connections that are being sent directly to the Edge Servers themselves (and not sent to the BIG-IP for LB). The return traffic from the Edge servers will then be sent (assymetrically) to the BIG-IP since that is the DFGW of the Edge servers. To get the BIG-IP to pass this return traffic on through to the firewall, create a forwarding VIP with loose connections enabled. This effectively gets the BIG-IP to act as a stateless router for the return traffic of connections sent directly to the Edge Servers.
Dave_20158
Jan 15, 2015Nimbostratus
Ryan - Thank you so much for this information. We ran into this exact issue with the asymmetric routing and I could not understand why the BIG-IP was not forwarding the traffic. Once I created the new fast-L4 profile and enabled loose initiation and loose close, everything worked perfectly.