Virtual forwarding server versus routing table

Thanks! Please check the attached config file. Previously, in order to simply the diagram, I didn't put the real network ip range: here is the brief about the IP: 10.20.0.0 is 10.0.2.0 in the config 10.21.0.0 is 10.0.20.0 in the config. the rest of IP range is used internally for the lan, dmz and other networks.

apm client-packaging /Common/client-packaging { } apm resource remote-desktop citrix-client-bundle /Common/default-citrix-client-bundle { } asm predefined-policy POLICY_TEMPLATE_ACTIVESYNC_V1_0_V2_0_HTTP { } asm predefined-policy POLICY_TEMPLATE_ACTIVESYNC_V1_0_V2_0_HTTPS { } asm predefined-policy POLICY_TEMPLATE_LOTUSDOMINO_6_5_HTTP { } asm predefined-policy POLICY_TEMPLATE_LOTUSDOMINO_6_5_HTTPS { } asm predefined-policy POLICY_TEMPLATE_ORACLE_10G_PORTAL_HTTP { } asm predefined-policy POLICY_TEMPLATE_ORACLE_10G_PORTAL_HTTPS { } asm predefined-policy POLICY_TEMPLATE_ORACLE_APPLICATIONS_11I_HTTP { } asm predefined-policy POLICY_TEMPLATE_ORACLE_APPLICATIONS_11I_HTTPS { } asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2003_HTTP { } asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2003_HTTPS { } asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2003_WITH_ACTIVESYNC_HTTP { } asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2003_WITH_ACTIVESYNC_HTTPS { } asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2007_HTTP { } asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2007_HTTPS { } asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2007_WITH_ACTIVESYNC_HTTP { } asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2007_WITH_ACTIVESYNC_HTTPS { } asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2010_HTTP { } asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2010_HTTPS { } asm predefined-policy POLICY_TEMPLATE_PEOPLESOFT_PORTAL_9_HTTP { } asm predefined-policy POLICY_TEMPLATE_PEOPLESOFT_PORTAL_9_HTTPS { } asm predefined-policy POLICY_TEMPLATE_RAPID_DEPLOYMENT { } asm predefined-policy POLICY_TEMPLATE_SAP_NETWEAVER_7_HTTP { } asm predefined-policy POLICY_TEMPLATE_SAP_NETWEAVER_7_HTTPS { } asm predefined-policy POLICY_TEMPLATE_SHAREPOINT_2003_HTTP { } asm predefined-policy POLICY_TEMPLATE_SHAREPOINT_2003_HTTPS { } asm predefined-policy POLICY_TEMPLATE_SHAREPOINT_2007_HTTP { } asm predefined-policy POLICY_TEMPLATE_SHAREPOINT_2007_HTTPS { } asm predefined-policy POLICY_TEMPLATE_SHAREPOINT_2010_HTTP { } asm predefined-policy POLICY_TEMPLATE_SHAREPOINT_2010_HTTPS { } ltm default-node-monitor { rule none } ltm virtual /Common/Forwarding-Headquater-VS { description "Forward Traffic back to headquater" destination /Common/192.168.0.0:0 ip-forward ip-protocol tcp mask 255.255.0.0 profiles { /Common/fastL4 { } } source 10.0.2.0/24 source-address-translation { type automap } translate-address disabled translate-port disabled vlans { /Common/headquater_Manage } vlans-enabled } ltm virtual /Common/Internal-routing1 { description "Management VLAN internal routing" destination /Common/10.0.2.0:0 ip-forward ip-protocol tcp mask 255.255.255.0 profiles { /Common/fastL4 { } } source 0.0.0.0/0 source-address-translation { type automap } translate-address disabled translate-port disabled } ltm virtual /Common/Internal-routing2 { description "VManage-VLAN internal routing" destination /Common/10.0.7.0:0 ip-forward ip-protocol tcp mask 255.255.255.0 profiles { /Common/fastL4 { } } source 0.0.0.0/0 source-address-translation { type automap } translate-address disabled translate-port disabled vlans { /Common/VManage-ESX } vlans-enabled } ltm virtual /Common/Internal-routing3 { description "SETWEBVIP- VLAN internal routing" destination /Common/10.0.20.0:0 ip-forward ip-protocol tcp mask 255.255.255.0 profiles { /Common/fastL4 { } } source 0.0.0.0/0 source-address-translation { type automap } translate-address disabled translate-port disabled vlans { /Common/SET-WEBVIP } vlans-enabled } ltm virtual-address /Common/10.0.2.0 { address 10.0.2.0 arp disabled icmp-echo disabled mask 255.255.255.0 traffic-group /Common/traffic-group-1 } ltm virtual-address /Common/10.0.7.0 { address 10.0.7.0 arp disabled icmp-echo disabled mask 255.255.255.0 traffic-group /Common/traffic-group-1 } ltm virtual-address /Common/10.0.16.0 { address 10.0.16.0 arp disabled icmp-echo disabled mask 255.255.255.0 traffic-group /Common/traffic-group-1 } ltm virtual-address /Common/10.0.20.0 { address 10.0.20.0 arp disabled icmp-echo disabled mask 255.255.255.0 traffic-group /Common/traffic-group-1 } ltm virtual-address /Common/192.168.0.0 { address 192.168.0.0 arp disabled icmp-echo disabled mask 255.255.0.0 traffic-group /Common/traffic-group-1 } ltm virtual-address /Common/192.168.130.0 { address 192.168.130.0 arp disabled icmp-echo disabled mask 255.255.255.0 traffic-group /Common/traffic-group-1 } net route /Common/headquater-Network { description "Access to Headquater Network through VPN" gw 10.0.2.2 mtu 1500 network 192.168.0.0/16 } net route /Common/Default-Gateway { description "Default Internet Gateway" interface /Common/WAN mtu 1500 network default } net ipsec ike-daemon /Common/ikedaemon { } security http profile /Common/http_security_migrated_httpsecurity_profile { app-service none case-sensitive defaults-from /Common/http_security description "This profile was created by upgrade migration process from the original HTTP

Security Profile named: [http_security]" evasion-techniques { alarm enabled block disabled } file-types { alarm enabled block disabled } http-rfc { alarm enabled bad-host-header enabled bad-version enabled block disabled body-in-get-head disabled chunked-with-content-length enabled content-length-is-positive enabled header-name-without-value enabled high-ascii-in-headers disabled host-header-is-ip disabled maximum-headers 20 null-in-body enabled null-in-headers enabled post-with-zero-length disabled several-content-length enabled unparsable-content enabled } mandatory-headers { alarm enabled block disabled } maximum-length { alarm enabled block disabled post-data 15728640 query-string 1024 request any uri 1024 } methods { alarm enabled block disabled values { GET POST HEAD } } response { body "Request RejectedThe requested URL was

rejected. Please consult with your administrator.

()%>" headers "HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Connection: close" type default url none } } sys software update { auto-check enabled frequency weekly } wom endpoint-discovery { }