Forum Discussion

SAS_TOC_Network
Jan 21, 2019

Bypass VIP NATed traffic and hit the node directly. LTM

INBOUND TRAFFIC.

SCENARIO: An external host is trying to access an internal IP (node).

Facts:

1. There is a static 1-1 NAT on the firewall (in front of the LB): public IP xlate to internal IP, i.e. 10.11.11.1 (VIP).
2. Multiple VIPs exist for multiple services (i.e. 10.11.11.1:80, 10.11.11.1:21, 10.11.11.1:etc).
3. The pool member for the existing VIPs is 10.102.102.63.

Question:

Is there a way to use the existing 1-1 NAT but, instead of communicating with the VIP, have the traffic go directly to the node? How to bypass the VIP?

Is NAT on the LB an option? If so, what is going to happen with what should go through the VIP for a specific member? (And I don't think LTM allows you to NAT based on destination or ports just like the firewall does.)

1 Reply

  • If you want the traffic to pass through the F5 untouched, you could use a Performance L4 virtual server. This will leave most traffic untouched and distribute it how you would like. If you want a simple NAT, you could configure a Forwarding IP virtual server. This will take in traffic and send it out the interface specified with the IP address configured with SNAT.

    Documentation for the L4 VS and the Forwarding IP VS

    Hope this helps.