Forum Discussion

SAS_TOC_Network's avatar
Icon for Nimbostratus rankNimbostratus
Jan 21, 2019

Bypass VIP NATed traffic and hit the node directly. LTM



SCENARIO: external host is trying to access internal ip (node. Facts: 1. There is a static 1-1 nat on the firewall (in front of LB) Public IP xlate to internal ip ie. (VIP) 2. Multiple VIPs exists for multiple services (ie.,, 3. Pool member for existing VIPs are




Is there a way to use the existing 1-1 NAT but instead of communicating with the VIP for the traffic to go directly to node? How to bypass the VIP?


Is NAT on the LB an option? If so, what is going to happen with that should go through the VIP for specific member (and don't think LTM allows you to NAT based on destination or ports just like the firewall does)


1 Reply

  • If you want the traffic to passthrough the F5 untouched, you could use a performance L4 virtual server. This will leave most traffic untouched and distribute it how you would like. If you want a simple NAT, you could configure a Forwarding IP virtual server. This will take in traffic and send it out the the interface specified with the IP address configured with SNAT.


    Documentation for the L4 VS and the Forwarding IP VS


    Hope this helps.