
EranN_340350
Jan 06, 2019

Working without SNAT to see original client IP

Hi, in order to see the original client IP accessing a pool member from the WAN, I've disabled SNAT. Then, because of asymmetric routing, the connection stopped working, so I've set the pool member server's (Windows server) DG IP address to be the F5 internal IP of that specific VLAN. Then the connection was working again and I could see the original client IP accessing the pool member, but I lost connectivity to that server from my workstation, since the routing to that VLAN in our LAN environment is done via our backbone switches / FW.

 

How can I keep the above configuration (no SNAT, DG of pool member is the F5 IP instead of our FW IP) and still have access to that server inside the LAN?

 

Thank you.

 

  • You'll need to create a forwarding virtual server on the BIG-IP to enable routing to that network through the BIG-IP. Basically just a Virtual Server with a destination of 0.0.0.0/0 and type of Forwarding (IP) for the pool member to use and one for the network to access the pool member with a destination of the pool member's network, i.e. 192.168.10.0/24. On your network, you can set a route to the network the F5 is routing by adding a route with a next hop of the BIG-IP's floating IP.

     

    Here's a KB explaining forwarding virtual servers:

     

    https://support.f5.com/csp/article/K7595

     

    --D
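
The two forwarding virtual servers described in the answer above, written as commands for the BIG-IP tmsh prompt. This is an added example, not part of the original posts: the virtual server names and the VLAN names `internal` (pool member side) and `lan_transit` (side on which LAN traffic reaches the BIG-IP) are assumptions, and 192.168.10.0/24 is the example network from the answer.

```tmsh
# Assumed names: fwd_outbound, fwd_to_servers, VLANs "internal" and "lan_transit".

# 1) Wildcard forwarding virtual server for the pool member, whose default
#    gateway is the BIG-IP. Without it the BIG-IP drops traffic the server
#    sends to destinations that match no other listener.
#    It is enabled only on the server-side VLAN: a 0.0.0.0/0 forwarding
#    listener left enabled on all VLANs would also route traffic arriving
#    on the WAN-facing VLAN.
create ltm virtual fwd_outbound destination 0.0.0.0:any mask any ip-protocol any ip-forward profiles add { fastL4 } vlans-enabled vlans add { internal } source-address-translation { type none }

# 2) Network forwarding virtual server so LAN hosts can reach the pool
#    member's network through the BIG-IP. No SNAT, so the server still sees
#    the workstation's real address.
create ltm virtual fwd_to_servers destination 192.168.10.0:any mask 255.255.255.0 ip-protocol any ip-forward profiles add { fastL4 } vlans-enabled vlans add { lan_transit } source-address-translation { type none }

# Review what was created, then persist it.
list ltm virtual fwd_outbound
list ltm virtual fwd_to_servers
save sys config

# On the LAN side (backbone switch / FW, syntax depends on the device):
# add a route for 192.168.10.0/24 with the BIG-IP floating self IP as next hop.
```

A forwarding virtual server applies no load balancing or address translation, so access control for the forwarded paths still has to come from the firewall or from packet filters on the BIG-IP.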