SAS_TOC_Network
Jan 21, 2019 Nimbostratus
Bypass VIP NATed traffic and hit the node directly. LTM
INBOUND TRAFFIC.
SCENARIO: an external host is trying to access an internal IP (node).
Facts:
1. There is a static 1-1 NAT on the firewall (in front of the LB): public IP xlate to internal IP, i.e. 10.11.11.1 (VIP).
2. Multiple VIPs exist for multiple services (i.e. 10.11.11.1:80, 10.11.11.1:21, 10.11.11.1:etc).
3. The pool member for the existing VIPs is 10.102.102.63.
Question:
Is there a way to use the existing 1-1 NAT but, instead of communicating with the VIP, have the traffic go directly to the node? How to bypass the VIP?
Is NAT on the LB an option? If so, what is going to happen with traffic that should go through the VIP for a specific member (and I don't think LTM allows you to NAT based on destination or ports just like the firewall does)?