SNAT pass Destination IP back to Client

Question

I have a web services running on port 443. The incoming traffic from "Client server -&gt; F5 -&gt; Back-end Servers" is working fine, but the outbound response to the Client Server is not working.  So we have learned that the Client Server required the same IP address from whichever F5 route to the Back-end server must response back to the Client Server instead of the VIP.  We sort of circumvent it by creating a host file on each back-end server that map to the VIP DNS.&nbsp;
Has anybody done an iRule that could solve this problem?&nbsp;

patrik_jonsson · Answer

The text format of the comments is just painful to watch, so I'll put this in an answer.&nbsp;
Sorry, but I don't know if I got your scenario. Is it like this?&nbsp;
Client server contacts the VIP, The F5 chooses a pool member (does it have to use any SNAT when connecting to the member?).The pool member receives the response and then sends it back to the client server via the F5.You now want the F5 to replace the source address of the return packet with that of the selected member?
/Patrik&nbsp;

Forum Discussion

SNAT pass Destination IP back to Client

1 Reply

Recent Discussions

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Unwinding the Benefits of Investing in White Label Crypto Wallet

SMTP profile not visible & showing

About AWAF "Redirect URLs" in "Responses and Blocks"

F5 iRule to replace host to path

Related Content

Destination Snat Using DNS

SNAT IP address logging

Different policies same destination and pool

SNAT based on source and destination

Block destination IP by source IP