LTM + ASM on separate boxes
I am trying to deploy LTM and ASM on separate 1600 boxes. I followed the guidelines of F5's deployment guide ("Deploying the BIG-IP Local Traffic Manager with Multiple BIG-IP Application Security Managers"). I configured one exterior VS and one interior VS on the LTM. I also configured a VS on the ASM box. On the LTM side, SNAT automap is in use and I am getting the original client IPs through XFF.
I have a couple of issues with this configuration. Firstly, I can see the original client IPs in the ASM request logs, but when the traffic goes back to the LTM interior VS and then to the IIS servers, the client IPs disappear and I can see only the SNAT IP as the requester.
Secondly, I am using cookie persistence, but all the requests are going to one pool member on the LTM.
Are there any suggestions about this topology? Any ideas or recommendations about this scenario will be appreciated.