Forum Discussion
Sep 11, 2013
If SNAT is an issue, you can modify the default route of your LDAP servers to point to the BIG-IP's floating self IP.
In this case an additional virtual server (Performance L4, Loose Init / Loose Close in fastL4 profile) needs to be created to handle outgoing traffic (initiated by your LDAP servers) to remote networks and direct requests from remote networks to your LDAP servers. This part of the traffic will go asymmetric.
As an alternative, you may consider logging the SNAT operations on your BIG-IP. A while ago I wrote an iRule to look up each particular LDAP query inside an LDAP bind. It should be easy to fire a log message with each new query coming in. Please let me know if you want to follow this approach.
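A minimal sketch of the SNAT-logging approach mentioned in the post, as an added example that is not the poster's iRule: it logs one line per connection that maps the real client address to the translated source the LDAP server sees, so entries in the LDAP server's access log can be attributed to the original client. The `ldap-snat` message prefix and the variable names are assumptions; it does not parse LDAP queries.

```tcl
# Added example: per-connection SNAT mapping log for an LDAP virtual server.
when CLIENT_ACCEPTED {
    # Client-side context: the real client address, before translation.
    set c_addr  [IP::client_addr]
    set c_port  [TCP::client_port]
    # Virtual server address and port the client connected to.
    set vs_addr [IP::local_addr]
    set vs_port [TCP::local_port]
}

when SERVER_CONNECTED {
    # Server-side context: IP::local_addr and TCP::local_port now return the
    # translated (SNAT) source address and port that the LDAP server records.
    set msg "ldap-snat vs=[virtual name]"
    append msg " client=$c_addr:$c_port"
    append msg " vip=$vs_addr:$vs_port"
    append msg " snat=[IP::local_addr]:[TCP::local_port]"
    append msg " server=[IP::server_addr]:[TCP::server_port]"
    # Writes to the local syslog; on busy virtual servers consider sending
    # the same message to a remote collector instead.
    log local0.info $msg
}
```

Matching the `snat=` address and port against the source address and port in the LDAP server's own log recovers the original client for a given bind.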