Forum Discussion
Tom_Bortels_112
Jul 28, 2011 Nimbostratus
can't connect to my own external network?
Hey - here's hoping someone more experienced can tell me what I'm missing... In a nutshell, we have a farm of webservers behind a BigIP (using the BigIP as their default route), and the apps...
Tom_Bortels_112
Jul 28, 2011 Nimbostratus
I have it working now (one of the other admins here repeated your suggestion, and had an irule for it he is using for another case).
The following iRule solves the problem (and I'm still trying to wrap my head around why):
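    when LB_SELECTED {
        # Client is in the same /22 as the selected pool member: SNAT it
        if { [IP::addr "[IP::client_addr]/22" equals "[LB::server addr]/22"] } {
            snat automap
        } else {
            # Any other client: keep the real source IP for the Apache logs
            snat none
        }
    }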
This is what you suggested, Hamish - what I'm confused by is why it's making a difference.
I turned on some logging, and it appears the situation is thus:
We have the *pool* NAT/SNAT off, so that we can log the outside IP in our apache access logs. That's seemingly what's breaking the connections from internal clients; I had forgotten that pools have a NAT/SNAT setting as well as virtual servers. The rule above triggers when we hit the virtual server locally, and seemingly sets snat on? Which is odd, because it's on "automap" for the virtual server already. I guess in this context the snat set is for the pool, even though the irule is a virtual server irule? Weird.
All I know is that it works with the above, so w00t! Bonus points to you, Hamish - thanks!
-- Tom
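An added example, not part of the original posts: a small Python model of the packet path that shows why the /22 comparison in the iRule decides whether the connection works. All addresses and function names are constructed for illustration, and it assumes the internal clients sit in the same /22 as the web servers, which is what the iRule's test implies.

```python
import ipaddress

PREFIX = 22  # same mask length the iRule compares on

# Constructed sample addresses (assumptions, not from the thread).
VIP = "203.0.113.10"       # virtual server on the external network
SELF_IP = "10.1.0.1"       # BIG-IP address on the server VLAN (SNAT automap source)
SERVER = "10.1.0.20"       # pool member, default route points at SELF_IP
INTERNAL = "10.1.2.50"     # client inside the servers' /22
EXTERNAL = "198.51.100.7"  # client out on the internet


def same_subnet(a, b, prefix=PREFIX):
    """Same test as: IP::addr "<a>/22" equals "<b>/22"."""
    def net(ip):
        return ipaddress.ip_interface(f"{ip}/{prefix}").network
    return net(a) == net(b)


def irule_decision(client, server=SERVER):
    """What the iRule picks at LB_SELECTED for this client and pool member."""
    return "automap" if same_subnet(client, server) else "none"


def trace(client, snat):
    """Follow one client -> VIP connection and the server's reply."""
    # Request: BIG-IP rewrites dst VIP -> SERVER, and src only if SNAT is on.
    src_seen_by_server = SELF_IP if snat else client
    # Reply: the server answers the source it saw. An on-link destination is
    # reached directly; anything else goes to the default route (BIG-IP).
    via_bigip = (src_seen_by_server == SELF_IP
                 or not same_subnet(SERVER, src_seen_by_server))
    # Only the BIG-IP can translate the reply source back to the VIP.
    reply_src = VIP if via_bigip else SERVER
    # The client's socket is connected to VIP; any other source is dropped.
    return {"via_bigip": via_bigip, "reply_src": reply_src,
            "accepted": reply_src == VIP}


if __name__ == "__main__":
    for name, ip in (("internal", INTERNAL), ("external", EXTERNAL)):
        for snat in (False, True):
            print(name, "snat" if snat else "no-snat", trace(ip, snat))
```

In this model the only failing case is the internal client without SNAT: the server answers it directly on the local subnet, so the reply arrives from the server's address instead of the virtual server's and never matches the client's connection.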