Forum Discussion

Jan_Rockstedt_4
Dec 21, 2012

SNAT problem

Hi,

I have created a standard virtual server for port 80 and am only using it on the inside of the F5 LTM "LAN" as a load balancer.

The VS is working fine, but only if I use SNAT pool automap and I want to disable the SNAT as we want to see the source addresses from the clients.

If I disable the SNAT pool the VS server is not working.

Any suggestions to get this working?

Regards Jan

7 Replies

  • Hamish
    To use a VS without SNAT, you need to have the route back to the client passing via the BigIP.

    This means you either need to use the BigIP as the default gateway (for a locally attached VLAN) or implement policy routing to ensure the connection passes back correctly.

    H
  • Are the clients and the VS on different IP subnets? If so, Hamish's suggestion or using static routes on the server(s) is valid. If not, SNAT is unavoidable unless you want to configure VLAN Groups and the like, which probably isn't worth the effort just to avoid SNAT.

    You could also use the XFF feature to add the original client address to an inserted HTTP header if that helps any?
  • Hamish
    Or use the option 28 TCP insertion method to place the original client IP into the TCP packets. (iRule required)

    H
  • Hamish
    In the example for the TCP::option command

    https://devcentral.f5.com/wiki/iRules.TCP__option.ashx

    H
  • Hi,

    Yes, the client and the VS are on different subnets.

    Forgot to tell that we use all VLANs and tunnels for the VLAN and Tunnel Traffic and version 11.1.0.

    Thx, I will check the other suggestions.

    Jan
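
The return-path condition described in the replies above, as an added example that is not part of the original thread: it runs a longest-prefix match over a pool member's route table and reports whether replies to a client would pass back through the BIG-IP. All addresses, route tables and function names are constructed for illustration.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs.
    A gateway of None means the prefix is directly attached (on-link)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        return "unreachable"
    return "on-link" if best[1] is None else best[1]

def snat_needed(server_routes, client_ip, bigip_self_ip):
    """True when the server's reply to client_ip would NOT go back via the
    BIG-IP, so the client would see a reply from an address it never contacted."""
    return next_hop(server_routes, client_ip) != bigip_self_ip

# Constructed lab addressing (assumption): servers live in 10.1.20.0/24.
BIGIP_SELF = "10.1.20.1"    # BIG-IP self IP on the server VLAN
ROUTER = "10.1.20.254"      # ordinary router on the same VLAN

# Server route tables for the three cases discussed in the thread.
ROUTES_DEFAULT_ROUTER = [("10.1.20.0/24", None), ("0.0.0.0/0", ROUTER)]
ROUTES_DEFAULT_BIGIP = [("10.1.20.0/24", None), ("0.0.0.0/0", BIGIP_SELF)]
ROUTES_STATIC = [("10.1.20.0/24", None),
                 ("10.1.10.0/24", BIGIP_SELF),   # static route for the client subnet
                 ("0.0.0.0/0", ROUTER)]

if __name__ == "__main__":
    cases = [
        ("default gw = router", ROUTES_DEFAULT_ROUTER, "10.1.10.50"),
        ("default gw = BIG-IP", ROUTES_DEFAULT_BIGIP, "10.1.10.50"),
        ("static route to client subnet", ROUTES_STATIC, "10.1.10.50"),
        ("client on server subnet", ROUTES_STATIC, "10.1.20.77"),
    ]
    for label, routes, client in cases:
        hop = next_hop(routes, client)
        verdict = "SNAT needed" if snat_needed(routes, client, BIGIP_SELF) else "no SNAT needed"
        print(f"{label:32} client={client:12} next hop={hop:12} -> {verdict}")
```
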