Forum Discussion
Stephanie_Ser_1
Nimbostratus
NimbostratusPreserved Client IP Addresses
I would like to know how to preserved client IP address?
The webserver logged the BIGIP IP addresses (192.168.1.157)
instead of Client IP Address.
Anything wrong in my configuration.. Please advise.. Thanks
self 10.181.138.157 {
vlan external
netmask 255.255.255.0
broadcast 10.181.138.255
unit 1
floating enable
}
self 192.168.1.157 {
vlan internal
netmask 255.255.255.0
broadcast 192.168.1.255
unit 1
floating enable
snat automap enable
}
pool Testing_Pool {
persist simple
simple_timeout 3600
ssl_timeout 1200
header insert "OrigClientAddr:${client_addr}:${client_port} -> ${server_addr}:${server_port}"
member 192.168.1.161:https
member 192.168.1.162:https
}
virtual 10.181.138.160:https unit 1 {
use pool Testing_Pool
}
snats
snat map { external to auto unit 1
vlans admin internal disable
}
Wes_98712You are SNAT'ing your external VLAN, that will cause all source IP addresses to look like your external SNAT. Remove that and the client IP's will stay static.
David_Sherman_2I know this answer is late (5 months+...)
Anyway, looking at your config, I think the problem is that you are attempting to insert a http header in to an encrypted packet. This will not work. The only way to insert the header with the source IP is to have the F5 terminate the ssl session, then insert the header and then have the F5 re-encrypt or send it unencrypted back to the web server.