Forum Discussion
Cannot disable snat in iApps
Hi,
I have recently stuck with an issue on LTM which seems odd. When I set Source Address Translation to None in normal VIPs, client addresses get to the servers just fine but when I do the same thing for VIPs which I have created using iApp templates with the same configuration, client addresses keep getting translated to the inside interface IP of the LTM. It seems really strange to me because the procedure I take to disable the snat for both of them is the same but I get different result. I will paste the configuration of both here and I will appreciate if someone can help me about this.
===Virtual Setup : without-iapp_vs===
ltm virtual without-iapp_vs {
destination 192.168.10.60:http
ip-protocol tcp
mask 255.255.255.255
pool without-iapp_pool
profiles {
tcp { }
}
security-log-profiles {
"Log all requests"
}
source 0.0.0.0/0
translate-address enabled
translate-port enabled
vs-index 17
}
===Pool Setup : without-iapp_pool===
ltm pool without-iapp_pool {
members {
172.16.187.2:http {
address 172.16.187.2
session monitor-enabled
state up
}
}
monitor http-80
===Virtual Setup : with-iapp.app/with-iapp_redir_vs===
ltm virtual with-iapp.app/with-iapp_redir_vs {
app-service /Common/with-iapp.app/with-iapp
destination 192.168.10.42:http
ip-protocol tcp
mask 255.255.255.255
profiles {
with-iapp.app/with-iapp_f5-tcp-lan {
context serverside
}
with-iapp.app/with-iapp_f5-tcp-wan {
context clientside
}
http { }
}
rules {
_sys_https_redirect
}
source 0.0.0.0/0
translate-address enabled
translate-port enabled
vs-index 92
}
===Pool Setup : none===
===Virtual Setup : with-iapp.app/with-iapp_vs===
ltm virtual with-iapp.app/with-iapp_vs {
app-service /Common/with-iapp.app/with-iapp
destination 192.168.10.42:https
fallback-persistence with-iapp.app/with-iapp_source-addr-persistence
fallback-persistence-type source-address
ip-protocol tcp
mask 255.255.255.255
persist {
with-iapp.app/with-iapp_cookie-persistence {
default yes
}
}
policies {
with-iapp.app/with-iapp_policy { }
}
pool with-iapp.app/with-iapp_pool
profiles {
with-iapp.app/ASM_with-iapp_policy { }
with-iapp.app/with-iapp_client-ssl {
context clientside
}
with-iapp.app/with-iapp_f5-tcp-lan {
context serverside
}
with-iapp.app/with-iapp_f5-tcp-wan {
context clientside
}
with-iapp.app/with-iapp_http { }
with-iapp.app/with-iapp_oneconnect { }
with-iapp.app/with-iapp_optimized-caching { }
with-iapp.app/with-iapp_server-ssl {
context serverside
}
with-iapp.app/with-iapp_wan-optimized-compression { }
websecurity { }
}
security-log-profiles {
"Log illegal requests"
}
source 0.0.0.0/0
translate-address enabled
translate-port enabled
vs-index 93
}
===Pool Setup : with-iapp.app/with-iapp_pool===
ltm pool with-iapp.app/with-iapp_pool {
allow-snat no
app-service /Common/with-iapp.app/with-iapp
load-balancing-mode least-connections-member
members {
172.16.37.27:https {
address 172.16.37.27
app-service /Common/with-iapp.app/with-iapp
session monitor-enabled
state up
}
}
monitor https_443
slow-ramp-time 300
I closed the case, unfortunately we were not able to continue with the analysis, because of the incident they deactivated the environment with APM. We´re returning now and reconnects continue to occur less frequently.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com