Forum Discussion
dennypayne
May 12, 2009 (Employee)
Hi Matt,
So, what's happening is:
10.0.0.10 makes a connection to 10.0.0.20. The LTM selects a server, let's say 10.0.0.22, and sends the connection to it. If everything is left at default, the LTM preserves the source address of 10.0.0.10 from the client.
So, 10.0.0.22 goes to respond to 10.0.0.10, which, since it's on the same subnet, it can do directly without going back through the LTM.
10.0.0.10 receives the packet from 10.0.0.22 and drops it, because he never opened a connection to 22, he opened it to 20.
You must always SNAT connections like this to prevent an asymmetrical packet path. SNAT will change the source IP to an address that lives on the LTM (you can either define an address or use Automap, which uses the self-IP of the LTM). That way, when 10.0.0.22 goes to respond to the client, he thinks it's the SNAT address and therefore sends the response back to the LTM, which in turn responds back to the client, which is where the client expects the response to come from.
Denny
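
Added example (not part of the original post): a small Python model of the packet path described above, tracing the request and reply with and without SNAT. The /24 mask, the SNAT address 10.0.0.5 and the `trace` helper are assumptions for illustration; the model also goes one step beyond the post by covering an off-subnet client, assuming the server's default gateway is the LTM.

```python
import ipaddress

SUBNET = ipaddress.ip_network("10.0.0.0/24")  # assumed mask; the post only says "same subnet"
VIP, SERVER = "10.0.0.20", "10.0.0.22"        # addresses from the post
SNAT_IP = "10.0.0.5"                          # hypothetical SNAT/self-IP on the LTM


def trace(client: str, snat: bool):
    """Follow one request and its reply; return (hops, client_accepts)."""
    hops = [("client->LTM", client, VIP)]  # client's socket expects replies from VIP

    # LTM picks a pool member: destination becomes SERVER. The source is
    # preserved by default, or rewritten to SNAT_IP when SNAT is enabled.
    seen_src = SNAT_IP if snat else client
    hops.append(("LTM->server", seen_src, SERVER))

    # Server answers the source address it saw.
    dst = seen_src
    if dst == SNAT_IP:
        via_ltm = True    # the SNAT address lives on the LTM
    elif ipaddress.ip_address(dst) in SUBNET:
        via_ltm = False   # on-link destination: delivered directly
    else:
        via_ltm = True    # assumption: server's default gateway is the LTM

    if via_ltm:
        hops.append(("server->LTM", SERVER, dst))
        # LTM matches its connection entry and undoes the translations.
        reply = ("LTM->client", VIP, client)
    else:
        reply = ("server->client (bypasses LTM)", SERVER, client)
    hops.append(reply)

    # Client only accepts a reply whose source is the address it connected to.
    return hops, reply[1] == VIP


if __name__ == "__main__":
    for snat in (False, True):
        hops, ok = trace("10.0.0.10", snat)
        print(f"SNAT={snat}: {'accepted' if ok else 'dropped by client'}")
        for name, src, dst in hops:
            print(f"  {name:32} src={src:<10} dst={dst}")
```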