Clients do not access via SNAT (External -> Inbound Wide IP -> Virtual Server)
Here is a sampling of the connection information:
VIRTUAL any:any <-> NODE 10.10.10.100:microsoft-ds TYPE any
CLIENTSIDE 20.20.20.5:52364 <-> 10.10.10.100:microsoft-ds
(pkts,bits) in = (4, 400) out = (2, 120)
SERVERSIDE 20.20.20.5:52592 <-> 10.10.10.100:microsoft-ds
(pkts,bits) in = (2, 120) out = (4, 400)
PROTOCOL tcp UNIT 1 IDLE 118 (300) LASTHOP 4091 00:15:63:aa:b1:48
VIRTUAL any:any <-> NODE 20.20.20.100:microsoft-ds TYPE any
CLIENTSIDE 10.10.10.5:13476 <-> 20.20.20.100:microsoft-ds
(pkts,bits) in = (4, 365) out = (2, 120)
SERVERSIDE 10.10.10.5:13708 <-> 20.20.20.100:microsoft-ds
(pkts,bits) in = (2, 120) out = (4, 365)
PROTOCOL tcp UNIT 1 IDLE 155 (300) LASTHOP 4092 00:23:04:4e:fc:80
It appears the source port is random (due to SNAT automap) but the destination port is always microsoft-ds or netbios-ssn. It cycles through all of the virtual servers, even if they are disabled and do not have a wide IP defined to them. I assume the only traffic with the floating self-IP as the source should be originating from a different VLAN, like the internal VLAN, but I never see the destination host on the internal VLAN via tcpdump.
If this were external traffic, I should see the external source IP. Currently this is generating a lot of connections.
Thanks …
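
An added example, not part of the original post: a small parser for connection-table output in the layout quoted above. It groups entries by client-side source, destination service and last-hop MAC, so the layer-2 neighbour that delivered each flow can be identified. The function and field names are hypothetical, the two embedded records are the ones from the post, and IPv4 addresses are assumed.

```python
import re
from collections import Counter

# The two records quoted in the post, embedded so the example runs offline.
SAMPLE = """\
VIRTUAL any:any <-> NODE 10.10.10.100:microsoft-ds TYPE any
CLIENTSIDE 20.20.20.5:52364 <-> 10.10.10.100:microsoft-ds
(pkts,bits) in = (4, 400) out = (2, 120)
SERVERSIDE 20.20.20.5:52592 <-> 10.10.10.100:microsoft-ds
(pkts,bits) in = (2, 120) out = (4, 400)
PROTOCOL tcp UNIT 1 IDLE 118 (300) LASTHOP 4091 00:15:63:aa:b1:48
VIRTUAL any:any <-> NODE 20.20.20.100:microsoft-ds TYPE any
CLIENTSIDE 10.10.10.5:13476 <-> 20.20.20.100:microsoft-ds
(pkts,bits) in = (4, 365) out = (2, 120)
SERVERSIDE 10.10.10.5:13708 <-> 20.20.20.100:microsoft-ds
(pkts,bits) in = (2, 120) out = (4, 365)
PROTOCOL tcp UNIT 1 IDLE 155 (300) LASTHOP 4092 00:23:04:4e:fc:80
"""

# "<SIDE> src:sport <-> dst:dport"; ports may be numbers or service names.
ENDPOINTS = re.compile(
    r"^(CLIENTSIDE|SERVERSIDE)\s+(\S+):(\S+)\s+<->\s+(\S+):(\S+)")
# "LASTHOP <id> <mac>"; the id is kept as an opaque string (assumption).
LASTHOP = re.compile(r"LASTHOP\s+(\S+)\s+((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})")

def parse_connections(text):
    """Return one dict per connection; a VIRTUAL line starts a new record."""
    conns, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("VIRTUAL"):
            cur = {}
            conns.append(cur)
        elif cur is None:
            continue  # ignore anything before the first record
        elif (m := ENDPOINTS.match(line)):
            cur[m.group(1).lower()] = dict(
                zip(("src", "sport", "dst", "dport"), m.groups()[1:]))
        elif (m := LASTHOP.search(line)):
            cur["lasthop_id"], cur["lasthop_mac"] = m.groups()
    return conns

def summarize(conns):
    """Count flows per (client source, destination service, last-hop id, MAC)."""
    return Counter(
        (c["clientside"]["src"], c["clientside"]["dport"],
         c.get("lasthop_id"), c.get("lasthop_mac"))
        for c in conns if "clientside" in c)

if __name__ == "__main__":
    for key, count in summarize(parse_connections(SAMPLE)).most_common():
        print(count, *key)
```

Run against a full dump, the summary shows whether the connections with the self-IP as source arrive from one last-hop MAC or many, which narrows down where to point tcpdump.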