thomass87_91937
Oct 30, 2014

inline configuration

Hi,

 

I have configuration: NET => FW => F5 => SRV

 

I have VS1, which forwards traffic to SRV (no SNAT used, not possible to do XFF, so the source address of the client is seen). F5 is def gw for SRV. On F5 there is also a forwarding IP VS 0/0 and a def route to FW. FW also has a static route for the SRV subnet pointing to F5.

 

Questions:

  1. Client from net goes to VS1 (SNAT off) and is redirected to SRV (source address is seen, destination NAT is in place to pass traffic to SRV). I assume that return traffic from SRV is hitting VS 0/0 (am I right?). VS 0/0 has SNAT off. And I also assume that the source address of SRV is changed to VS1 IP (am I also right?). If not, should I do some SNAT on VS 0/0?

  2. Second example. When the server is originating a connection to NET it hits VS 0/0, is that right? No SNAT is configured, so the source address of the server is seen outside? The route on FW passes traffic back to SRV via F5.

  3. If point 1 is true (so when return traffic is automatically SNATed back to VS1 IP), what determines whether traffic is SNATed or not? Is it the previously created session/entry for DNAT when traffic originating from NET hits VS1?

     

  • Hi,

     

    I also have another question: do I really need the loose-close enabled, loose-initialization enabled configuration? Or, in an inline configuration where all the traffic is passing through F5, do I not need these settings? (I think they should be enabled in an nPath architecture.) Please correct me if I am wrong.

     

    • nitass
      Yes, nPath is one example. Another example is when you do not want to keep track of the connection. sol7595: Overview of IP forwarding virtual servers (Emulating stateless IP routing with BIG-IP LTM forwarding virtual servers) https://support.f5.com/kb/en-us/solutions/public/7000/500/sol7595.html