Forum Discussion
jdorrough_42655
Apr 25, 2012 Nimbostratus
Can I spoof a source address with an iRule?
Let's say I have 4 IP addresses
IP-A 192.168.1.1 Client ip address
IP-B 192.168.2.1 Virtual server address
IP-C 192.168.3.1 Pool member associated to Virtual addres...
jdorrough_42655
Apr 26, 2012 Nimbostratus
Chris, thanks for the response. The traffic in question is TACACS. That's why I need the true source of the client.
I have two data centers with LTMs. In each datacenter I will have a pool of three nodes associated to the virtual server. Two of the three are physical TACACS servers; the other node is a virtual server on the LTM of the other datacenter. I'll have priority set to the local TACACS server, but if health monitors fail, the only healthy monitor will be the node pointing to the virtual server in the other datacenter. This all works great. The problem is the return traffic from the other datacenter.
In my example above, let's say a router trying to authenticate a user is IP-A. It has a TACACS server set to IP-D. IP-D is the virtual server address in datacenter1. When the LTM receives the connections, it sees that the two local pool nodes are down and the only one up is IP-B. IP-B is a virtual server in datacenter2. When the LTM in datacenter 2 receives the traffic, it sends it to one of its local node TACACS servers, which has IP-C. So here is where it gets tricky: if IP-C responds, it will end up back at the router trying to authenticate with a source of IP-B. And as I'm sure you already see the problem, the three-way handshake will never work when a router sends a request to one IP and gets a response from another. That is why I'm trying to spoof the IP as it returns to the router.
Clear as mud??
Maybe I'm overcomplicating the issue. Any other suggestions are welcome.