Forum Discussion
Arron_1084
Nimbostratus
NimbostratusAccess external VIP from inside IP
Sorry if this has been asked/answered before. I wasn't able to find anything in the searches.
I'm trying to use my existing LTM's to load balance two sets of applications using the same LTM. I have a pair of proxy servers and a pair of sharepoint front end web servers, both systems are on the same internal IP network (10.100.1.0/25) both have VIP's on the external network (external side of the LTM) on the 192.168.1.0/25 network.
The traffic flow has to be - Incoming connection on port 445 to VIP of Proxy servers --> LTM routes to one of two servers in the pool --> Outbound connection to VIP of Sharepoint servers --> outbound connection to one of several Sharepoint servers in the pool.
From the proxy server(s) I'm able to ping the VIP of the sharepoint servers (on the 192.168.1.x network) but am not able to make a http/s connection. I'm guessing the outbound packet is reaching the destination but the return is being dropped / confused as it doesn't need to travel back through the F5 to reach the source as they are on the same network. I'm looking for a way to do this that doesn't involve putting the proxys in a different IP subnet, but will do that if required.
- nitass
Employee
have you ever tried to configure snat automap under virtual server configuration? 
HamishCirrocumulus
Or drop in an iRule... I use one that compares the client IP with the subnets that the poolmembers live on. If the client is on the poolmember subnet then it gets a SNAT (automap or dedicated). Otherwise it goes straight though with the client IP. That way you only have to deal with SNAT for a few hosts.
H
hoolioCirrostratus
Here's an example from James Thomson for this:From: http://devcentral.f5.com/wiki/iRules.SelectiveSNAT.ashx when LB_SELECTED { if {[IP::addr "[IP::client_addr]/24" equals "[LB::server addr]/24"]} { snat automap } }
Aaron
