IP Forwarding Virtual Server v/s SNAT

nitass,

Tested the rule above. It looks like, unless the vserver used for SNAT'ing (snat 190.191.192.193) is not defined in a SNAT pool (apart from being a vserver object), the rule did not work. As soon as it was defined as a SNAT object, it started working.

For my second question, lets consider the same two nodes 10.10.10.1 and 10.10.10.2 and their standard vserver 190.191.192.193 port 25. The listener object 190.191.192.193 is also inside a SNAT pool. If its not, like i said, i couldn't see it working, but i may be wrong or missing something. Lets say node 10.10.10.1:8821 needs to talk to an off-campus public server 170.171.172.173:25. The request hits the wildcard forwarding vserver that has the above irule and the node gets SNAT'd to its vserver address (190.191.192.193:8821). When the public server responds back 170.171.172.173:25, the destination address is the vserver address 190.191.192.193:8821 (and not port 25, like its defined on the LTM). At this point, does the traffic get forwarded to the node 10.10.10.1:8821 or does it get load balanced to the pool instead (as is the case with a standard vserver). We currently have just one standard vserver:25 and a wildcard forwarding vserver on our LTMs.

Would really appreciate if you could throw some light on it. Best practices, recommendations, anything :)