The issue with that scenario without SNAT is that the client establishes a TCP connection with the VIP. LTM opens a connection to the server spoofing the client IP. Because the server is on the same subnet as the client, it just ARPs for the MAC address for the client IP and responds back directly to the client. The problem is the server responds using it's IP--which isn't what the client made the request to. So the client doesn't accept the response.
To handle this you can:
1. Not test using a client on the same subnet
2. Enable SNAT (for all clients or just those on the same subnet using a Selective SNAT iRule
Click here)
3. Use nPath to allow the server to respond back directly to the client using the VIP address as a source
1 and 2 are easy--three is a bit more convoluted in that it intentionally uses asymmetric routing. You can find more info on nPath by searching the forums or AskF5 for nPath.
Aaron