Forum Discussion
NimbostratusHow to get client ip to show when load balancing AD ldaps servers as we are only seeing source NAT.
We are load balancing AD servers for LDAPS and are wondering if there is anyway to see the real client IP instead of the F5 source NAT.
6 Replies
AceDawg_204810Cirrus
To obtain the source IP address of the client rather than the self-ip/SNAT address of the F5, you must do the following:
- Configure the SNAT setting on the virtual server to none
- Configure the AD servers to use the self-ip address of the F5 as default gateway*
*The F5 will have to have layer 2 adjacency to the AD server(s). In other words, at least one F5 interface will need to have VLAN configuration on the same VLAN(s) as the AD server(s)
paulpatriot_129Unfortunately, I was hoping for a better solution as I didn't want to have to make a bunch of configuration changes to make this work. Thanks
- AceDawg_204810
For future reference, web based applications can obtain the true client IP address by way of the x-forwarded-for header. This approach eliminates the need for network reconfiguration:
https://support.f5.com/csp/article/K4816
AceDawg1To obtain the source IP address of the client rather than the self-ip/SNAT address of the F5, you must do the following:
- Configure the SNAT setting on the virtual server to none
- Configure the AD servers to use the self-ip address of the F5 as default gateway*
*The F5 will have to have layer 2 adjacency to the AD server(s). In other words, at least one F5 interface will need to have VLAN configuration on the same VLAN(s) as the AD server(s)
- paulpatriot_129
Unfortunately, I was hoping for a better solution as I didn't want to have to make a bunch of configuration changes to make this work. Thanks
- AceDawg1
For future reference, web based applications can obtain the true client IP address by way of the x-forwarded-for header. This approach eliminates the need for network reconfiguration:
https://support.f5.com/csp/article/K4816
