Forum Discussion
David_20457
Nimbostratus
Oct 14, 2009
Inbound / Outbound SNAT questions
I have a HA LTM pair running 9.4.4 with the following basic setup.
VLAN external sits on 4.4.4.0/24. Unit 1 is 4.4.4.1, unit 2 is 4.4.4.2 and there is a floating address of 4.4.4.3.
VLAN internal sits on 2.2.2.0/24. Unit 1 is 2.2.2.1, unit 2 is 2.2.2.2 and there is a floating address of 2.2.2.3.
Virtual server vs_1_http has an address of 4.4.4.4 with service port 80 and uses the pool pool_1_http. The pool pool_1_http has members 2.2.2.10:80 and 2.2.2.11:80 with priority group activation set to less than 1 member. Member 2.2.2.10:80 has priority 10 and member 2.2.2.11:80 has priority 5.
Virtual server L3_forwarder is a forwarding(IP) virtual server that is enabled on all VLANs.
There is a SNAT called snat_inside_automap. It has a translation of automap, origin of all addresses and is enabled on VLAN internal. Virtual server vs_1_http has the SNAT pool set to snat_inside_automap. Virtual server L3_forwarder has the SNAT pool set to None.
When a client from VLAN external connects to vs_1_http, its real source address is kept, which is what I expect. When 2.2.2.10 or 2.2.2.11 (the pool members of pool_1_http) connect to vs_1_http, the SNAT is used so that the traffic will flow back through the load balancer, which is also what I expect. But, when 2.2.2.10 or 2.2.2.11 connect to any other IP address on VLAN external (4.4.4.0/24) the F5 translates their source address to the floating IP 4.4.4.3. This is not what I wanted. Can someone tell me where I went wrong with this configuration?
Thanks,
d
- Josh_41258
Nimbostratus
This is because you are SNATing. If you use SNAT Automap, the source connection to the pool member will be the floating IP address of the BigIP on the corresponding VLAN. The only way to preserve the original client IP address is not to use SNAT.
- The_Bhattman
Nimbostratus
What if you remove the SNAT pool and simply set the SNAT setting on vs_1_http to automap. Does the same thing happen?
- David_20457
Nimbostratus
I ended up using the iRule from this article ( http://devcentral.f5.com/wiki/default.aspx/iRules/SelectiveSNAT.html ) to solve the problem. Thanks for the replies.
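As an added illustration (not the iRule David actually deployed, and not part of the original thread), this is what a selective-SNAT iRule looks like for the topology in the question: it is attached to vs_1_http with the VS SNAT setting at None, and assumes the standalone SNAT object snat_inside_automap has been removed, since that object matches every connection ingressing VLAN internal, including traffic that only passes through L3_forwarder.

```tcl
# Selective SNAT for vs_1_http (example, not from the thread).
# Assumptions: standalone SNAT snat_inside_automap is deleted, the VS
# SNAT setting is None, and 2.2.2.0/24 is the only subnet whose
# connections to the VIP must be hairpinned back through the LTM.
when CLIENT_ACCEPTED {
    if { [IP::addr [IP::client_addr] equals 2.2.2.0/255.255.255.0] } {
        # A pool member is connecting to its own VIP. Without SNAT the
        # chosen server would answer its peer directly on the internal
        # VLAN and the connection would never complete, so translate.
        snat automap
        # Verification only; remove once confirmed, it logs every hit.
        log local0. "automap for [IP::client_addr] -> [IP::local_addr]"
    } else {
        # External clients keep their real source address, so the pool
        # members' access logs and any address-based controls on them
        # still see the actual client rather than 2.2.2.3.
        snat none
    }
}
```

Because the rule lives only on vs_1_http, connections from 2.2.2.10 or 2.2.2.11 to other hosts on 4.4.4.0/24 traverse L3_forwarder untouched and keep their own addresses.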