Bypass VIP NATed traffic and hit the node directly. LTM

Question

INBOUND TRAFFIC. &nbsp;
SCENARIO: external host is trying to access internal ip (node. 
Facts:
 1. There is a static 1-1 nat on the firewall (in front of LB) Public IP xlate to internal ip ie. 10.11.11.1 (VIP)
 2. Multiple VIPs exists for multiple services (ie. 10.11.11.1:80, 10.11.11.1:21,10.11.11.1:etc)
 3. Pool member for existing VIPs are 10.102.102.63&nbsp;
Question: &nbsp;
Is there a way to use the existing 1-1 NAT but instead of communicating with the VIP for the traffic to go directly to node? How to bypass the VIP? &nbsp;
Is NAT on the LB an option? If so, what is going to happen with that should go through the VIP for specific member (and don't think LTM allows you to NAT based on destination or ports just like the firewall does)&nbsp;

rico · Answer

If you want the traffic to passthrough the F5 untouched, you could use a performance L4 virtual server. This will leave most traffic untouched and distribute it how you would like. If you want a simple NAT, you could configure a Forwarding IP virtual server. This will take in traffic and send it out the the interface specified with the IP address configured with SNAT. &nbsp;
Documentation for the L4 VS and the Forwarding IP VS&nbsp;
Hope this helps.&nbsp;

Forum Discussion

Bypass VIP NATed traffic and hit the node directly. LTM

Recent Discussions

How to Renew F5 Device Certificate

How to export a list of paired external service providers from APM?

BIG-IP Edge Endpoint Inspection Failure pre-VPN

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

Service discovery is not happening in AS3

Related Content

Bypass certificate check

Run Advanced Containers like OPSWAT Content Scrubbing Directly On F5 Distributed Cloud Nodes

Log Bypass for BIG-IP Monitor Traffic

MSM Bypass

upgrade directly from os version 14.1. to 17.1.0

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS