Virtual Server not forwarding Source IP

Question

Hi All,&nbsp;
Need help, I have currently have a VIP for proxy traffic.. Clients connecting to Web appliances, Nothing fancy standard type, port 8080&nbsp;
I basically want to replicate VIP but using different IP addressing, Vip, pools, self ips etc&nbsp;
I have new VIP up running but it will only work if auto map is turned on, I want to keep source IP address..&nbsp;
Just a few things which might have impact ??&nbsp;
There is already self IPs with /8 mask in use which over run the new IP range that I'm using.
There is also a Forwarding VIP in use for certain Vlans.&nbsp;
Any help appreciated&nbsp;
J&nbsp;

patrik_jonsson · Answer

If you enabled automap and that solved it 9/10 I'd guess that the server side does not had default routes back via the LB or that the server side and client side is considered to be on the same subnet.&nbsp;
/8 is a huge subnet so that could actually point to the client and server being on the same network. Out of curiosity, why do you have such a big one?&nbsp;
It'd help if you could specify your network setup and ltm virtual configs from the config file.&nbsp;
/Patrik&nbsp;

vidar_s_234221 · Answer

You're not giving us much to work on. Can you please describe what situation you are trying to solve? If it doesn't work without Auto Map enabled, I'm guessing the F5 is not acting as the default gateway of your proxies, which is required in order to avoid SNAT. Please note that you can inject "X-Forwarded-For" for use tracking and later extract this from the request forwarded to your proxies (I know for certain you can do this with Squid, Cisco Ironport and Trend)

More info about how to configure this on your VIP here: https://support.f5.com/kb/en-us/solutions/public/4000/800/sol4816.html

joetobai_247696 · Answer

I have feeling that if I add route on BIG-IP for the new subnet it might fix issue, Is there any risk this will affect current live VIPS&nbsp;

Forum Discussion

Virtual Server not forwarding Source IP

3 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

google-visualization-issues

Related Content

Check a Virtual Server's SSL Status

Virtual Server graphical App for F5 LTM

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

Integrating SSL Orchestrator with Fortinet FortiGate Virtual Edition as a Virtual Wire