Forum Discussion

NETWORK_331823's avatar
NETWORK_331823
Icon for Nimbostratus rankNimbostratus
Jan 17, 2019

Change Source Address Translated IP to Original Client IP to backend server

Client IP : 10.3.30.x accessing LB VIP:192.168.12.228 , Which is configured with Source Address Translation (Auto : IP -10.0.122.65/28) the request is forwarded to back-end server 10.0.138.60:5555 (G...
application delivery
iRules
LTM
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Jan 17, 2019

Hi GSTN Infra Network Team,

 

Stanislas already provided you two solutions. I'd like to elaborate a little bit more on the second solution stanislas has provided.

 

For network environments with "more intelligent network equipment" its not mandatory to change the "DEFAULT-GW" configuration to pass every traffic towards your F5.

 

Depending on your equipment, you may utilize some PBR (Policy Based Routing) functionalities, to become able to route just the traffic comming from SRC=10.0.138.60 (Backend application) to DST=0.0.0.0/0 (you may also want to add DST exemptions) towards GW=10.0.122.65 (F5).

 

If PBR is not a applicable, you could also add an additional network interface and IP address on your F5 within the back-end server VLAN. In this case you would be able to configure the local routing table of the back-end server to pass traffic destined to 0.0.0.0/0 (you may also want to add some additional route for internal traffic) to the now locally connected F5.

 

Cheers, Kai