Forum Discussion

paulpatriot_129's avatar
paulpatriot_129
Icon for Nimbostratus rankNimbostratus
Jun 19, 2018

How to get client ip to show when load balancing AD ldaps servers as we are only seeing source NAT.

We are load balancing AD servers for LDAPS and are wondering if there is anyway to see the real client IP instead of the F5 source NAT.  
application delivery
LTM
AceDawg1's avatar
AceDawg1
Icon for Nimbostratus rankNimbostratus
Jun 19, 2018

To obtain the source IP address of the client rather than the self-ip/SNAT address of the F5, you must do the following:

 

  1. Configure the SNAT setting on the virtual server to none
  2. Configure the AD servers to use the self-ip address of the F5 as default gateway*

*The F5 will have to have layer 2 adjacency to the AD server(s). In other words, at least one F5 interface will need to have VLAN configuration on the same VLAN(s) as the AD server(s)

 

  • paulpatriot_129's avatar
    paulpatriot_129
    Icon for Nimbostratus rankNimbostratus
    Jun 19, 2018

    Unfortunately, I was hoping for a better solution as I didn't want to have to make a bunch of configuration changes to make this work. Thanks

     

  • AceDawg1's avatar
    AceDawg1
    Icon for Nimbostratus rankNimbostratus
    Jun 19, 2018

    For future reference, web based applications can obtain the true client IP address by way of the x-forwarded-for header. This approach eliminates the need for network reconfiguration:

     

    https://support.f5.com/csp/article/K4816