Access loadbalanced IP from internal VLAN
Hi again,
I'm not sure if my current problems are related to the changes outlined here:
https://devcentral.f5.com/questions/nat-exemption-next-hop-routing
But it might well be. I'm currently not able to access the loadbalanced IP from the internal VLAN that the loadbalanced IP is configured for. Example:
1.1.1.1:80 -> 192.168.1.1:80 + 192.168.1.2:80 (round robin)
I can access 1.1.1.1 perfectly fine from any other internal VLAN (like from servers in the 192.168.2.0/24 subnet), but am not able to access them from the 192.168.1.0/24 VLAN.
Any ideas how to solve that issue? I think it's related to the virtual servers we created in the above-mentioned question, but I'm not sure how to work around that without breaking my other requirements.
Thanks, best, Alex
So by removing any SNAT, it looks like the return traffic from your servers isn't going back through the BIG-IP for this 192.168.1.0/24 VLAN since they are in the same subnet.
One way to fix this is to apply an iRule to your 1.1.1.1 virtual server that will SNAT only if the request is from your internal VLAN:
when CLIENT_ACCEPTED {
    # SNAT only clients in the same subnet as the pool members
    if { [IP::addr [IP::client_addr] equals 192.168.1.0/24] } {
        snat automap
    }
}
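Added example, not part of the original answer: a small Python model of the packet path described above, showing why a same-VLAN client gets its reply from the pool member instead of the VIP, and how the conditional SNAT changes that. The BIG-IP self IP (192.168.1.254), the client addresses, and the servers using the BIG-IP as default gateway are assumptions made for the illustration.

```python
import ipaddress

# Values from the thread.
VIP = ipaddress.ip_address("1.1.1.1")
SERVER_NET = ipaddress.ip_network("192.168.1.0/24")
POOL_MEMBER = ipaddress.ip_address("192.168.1.1")
# Assumed for this example (not given in the thread).
BIGIP_SELF_IP = ipaddress.ip_address("192.168.1.254")


def snat_rule(client_ip):
    """Same condition as the iRule: SNAT only clients inside the server VLAN."""
    return client_ip in SERVER_NET


def trace(client, use_irule):
    """Follow one connection to the VIP and report how the reply comes back."""
    client_ip = ipaddress.ip_address(client)
    # Forward path: BIG-IP rewrites the destination VIP -> pool member,
    # and rewrites the source only if the iRule matches.
    snat = use_irule and snat_rule(client_ip)
    src_seen_by_server = BIGIP_SELF_IP if snat else client_ip

    # Return path: the server answers the source address it saw.
    if src_seen_by_server == BIGIP_SELF_IP:
        via_bigip = True    # reply is addressed to the BIG-IP itself
    elif src_seen_by_server in SERVER_NET:
        via_bigip = False   # on-link: server ARPs and replies directly
    else:
        via_bigip = True    # off-link: default gateway (assumed BIG-IP)

    # Only the BIG-IP can translate the reply source back to the VIP.
    reply_src = VIP if via_bigip else POOL_MEMBER
    return {
        "snat": snat,
        "via_bigip": via_bigip,
        "reply_src": str(reply_src),
        # The client opened a connection to the VIP, so it only accepts
        # replies whose source is the VIP.
        "client_accepts": reply_src == VIP,
    }


if __name__ == "__main__":
    # Constructed sample clients: one in the server VLAN, one in another VLAN.
    for client in ("192.168.1.50", "192.168.2.10"):
        for use_irule in (False, True):
            print(client, "iRule" if use_irule else "no SNAT", trace(client, use_irule))
```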