here is email from support
*** EMAIL OUT 9/22/2008 9:01:57 am conn Action Type: External email
Send to:[zafer.berber@prolink.com.tr]
Title: LTM v9.3.1 - oneconnect problem and authentication
Severity: Site at Risk (Sev 2)
Zafer,
You understand correctly, NTLM authentication cannot be used with Oneconnect.
When oneconnect has a mask set of 255.255.255.255, it means that for each external client, one persistent connection will be made to the server on the back end. The normal situation where a network mask is used is that one TCP connection will be established and used for all connections coming from that network mask. For example, a mask of 255.255.255.0 will reuse the same back end connection for all hosts coming from 192.168.8.0/24. It will use another connection for all clients coming from 172.20.8.0/24. And so on with each new network it sees.
SOL5911: Managing connection reuse using OneConnect source mask
https://support.f5.com/kb/en-us/solutions/public/5000/900/sol5911.html
The LTM is still multiplexing the connection using SNAT. Netscaler differs from the LTM in that the LTM is a full proxy while Netscaler is not. While sometimes it causes situations like this, it also allows us a great deal more flexibility to manipulate connections as they are being load balanced, for example, with specialized protocol profiles like HTTP and SIP, and with iRules.
This problem is not so much a problem with the method that the LTM uses to aggregate connections as it is with the way that NTLM is designed. Unfortunately, it is rather inflexible about the way it can be used through a proxy such as ours. While it mostly works, one feature it does not play well with is oneconnect.