Forum Discussion
meena_60183
Nimbostratus
Jun 20, 2008
clarification on SNAT and automap
Hi All,
I thought I understood SNAT very well, but now I am really confused about SNAT and automap. I wish SNAT were called client NAT and server NAT depending on which address gets NATed....
Hamish
Cirrocumulus
Jun 23, 2008
First, drop all the pretense of S=Secure, and think of SNAT as Source NAT, i.e. NAT'ing the source address of the connection. That should probably make it a lot easier to remember what's happening.
Second, you can either use SNAT Automap, which will use a floating selfIP address as the src address for SNAT'ed connections, OR create a specific SNAT pool, into which you put a list of IP addresses, and have the connections use one of those IP addresses as the src IP.
Lastly... What do you mean you want to preserve the server IP? IIUC what you're wanting, that's never going to work, because the client knows the 'server' address as your VS address. Having packets return with a different IP address won't match the connection table in the client, and would thus be dropped. There's no way to fake it...
There are a couple of (Possibly) ugly options if you TOOTB...
1. Assuming the traffic is HTTP, Use the LB as a pure redirection service. Client comes in and gets redirected via a 302 to a specific server. You might need to put some logic in there to track sessions (Unless you don't care about it) so clients keep the same backend, but that may not be necessary (YMMV).
2. Again assuming the traffic is HTTP, you could insert a header to track the IP address of the server. HOWEVER if you're doing that, you could also use session cookies to track it. The client can then decode the cookie to see what IP & Port they're being load balanced to.
Hamish.
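Option 2 in the reply above notes that a client can decode a persistence cookie to learn the pool member's IP and port. The following is an added example, not part of the original post, that audits response headers for cookies disclosing a backend address this way. It assumes the BIG-IP default unencrypted IPv4 cookie-persistence encoding (`<ip>.<port>.0000`, both numbers byte-reversed); the function names and sample headers are constructed for illustration.

```python
import ipaddress
import re
import struct

# Assumed format: default (unencrypted) IPv4 persistence value <ip>.<port>.0000,
# where both numbers are the byte-reversed network-order address and port.
_VALUE = re.compile(r"(\d{1,10})\.(\d{1,5})\.0000", re.ASCII)

def decode_persistence_value(value):
    """Return (ip, port) for a default IPv4 value, or None if it does not match."""
    m = _VALUE.fullmatch(value.strip())
    if not m:
        return None  # encrypted, custom, or a non-IPv4 encoding
    ip_le, port_le = int(m.group(1)), int(m.group(2))
    if ip_le > 0xFFFFFFFF or port_le > 0xFFFF:
        return None
    ip = ipaddress.IPv4Address(struct.pack("<I", ip_le))
    port = struct.unpack(">H", struct.pack("<H", port_le))[0]
    return str(ip), port

def audit_set_cookie(lines):
    """List cookies in Set-Cookie lines that disclose a pool member address."""
    findings = []
    for line in lines:
        header, _, rest = line.partition(":")
        if header.strip().lower() != "set-cookie":
            continue
        name, _, value = rest.split(";", 1)[0].strip().partition("=")
        member = decode_persistence_value(value)
        if member:
            ip, port = member
            findings.append((name, ip, port, ipaddress.ip_address(ip).is_private))
    return findings

# Constructed sample response headers (not captured from a real system).
SAMPLE = [
    "Set-Cookie: BIGipServerpool_web=1677787402.36895.0000; path=/",
    "Set-Cookie: JSESSIONID=9f2c1e7a; HttpOnly",
    "Set-Cookie: BIGipServerpool_api=opaqueConstructedValue==; path=/",
]

if __name__ == "__main__":
    for name, ip, port, private in audit_set_cookie(SAMPLE):
        print(f"{name}: {ip}:{port} internal={private}")
```

A finding with `internal=True` means the cookie exposes a private pool member address to every client, which is the usual reason to enable cookie encryption on the persistence profile.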
