Forum Discussion

Julio_Medina
Aug 23, 2017

Send Client-IP to LDAP Server, not same subnet.

Hi,


I have a Virtual Server balancing to a couple of LDAP servers. My question is: how can I send the client IP to the LDAP server, considering that the LDAP server and the BIG-IP are in separate subnets? Is it possible?


1 Reply

Hi Julio Medina,

you would need to implement Policy-Based Routing (PBR) to override your routing infrastructure on the path between your LDAP servers and your F5. The mission of the PBR setup would be to forward every response from SRC_IP=YOUR_LDAP_SERVERS:389/636 to DST_IP=ANY:ANY always to your F5. After PBR is implemented you could remove SNAT on your Virtual Servers so that the LDAP servers will see the original client IP again.

Note: PBRs are routing-table overrides, which can be used to capture traffic by providing a network-based ACL and then forward any matching traffic to a given next-hop interface, MAC or IP. The difference from a regular routing table is that you can also use SRC_IPs, protocol and/or port information to choose the next-hop / gateway...

Cheers, Kai
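To make the routing argument in Kai's reply concrete, here is an added example (not from the thread, and not F5 or vendor code) that simulates the return-path decision on the router sitting between the LDAP subnet and the rest of the network. All addresses, the LDAP subnet 10.20.0.0/24, the F5 self-IP 10.10.0.1 (also used as the SNAT address), the client 192.0.2.10 and the next-hop names are constructed assumptions. It compares the three states the reply describes: SNAT enabled (reply returns to the F5 but the LDAP server only sees the SNAT address), SNAT removed without PBR (the LDAP server sees the client IP, but its reply follows the default route and bypasses the F5, so the proxied connection breaks), and SNAT removed with a PBR rule matching source subnet, protocol and source ports 389/636 (the reply is steered back to the F5 while unrelated traffic from the LDAP server still takes the normal route).

```python
"""Destination-only routing vs. policy-based routing (PBR) for LDAP replies.

Constructed illustration of the forum answer above; every address, prefix
and next-hop name below is an assumption, not a value from the thread.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, Iterable, List


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Route:
    """Ordinary routing-table entry: destination prefix -> next hop."""
    dst_net: str
    next_hop: str


@dataclass(frozen=True)
class PbrRule:
    """Policy route: the 'network-based ACL' from the answer. It matches on
    source prefix, protocol and source ports and overrides the routing table."""
    src_net: str
    proto: str
    src_ports: FrozenSet[int]
    next_hop: str

    def matches(self, pkt: Packet) -> bool:
        return (pkt.proto == self.proto
                and pkt.src_port in self.src_ports
                and ip_address(pkt.src_ip) in ip_network(self.src_net))


class Router:
    def __init__(self, routes: Iterable[Route], pbr_rules: Iterable[PbrRule] = ()):
        self.routes: List[Route] = list(routes)
        self.pbr_rules: List[PbrRule] = list(pbr_rules)

    def next_hop(self, pkt: Packet) -> str:
        # PBR rules are evaluated first; a match wins over the routing table.
        for rule in self.pbr_rules:
            if rule.matches(pkt):
                return rule.next_hop
        # Otherwise a regular destination-only, longest-prefix-match lookup.
        dst = ip_address(pkt.dst_ip)
        candidates = [r for r in self.routes if dst in ip_network(r.dst_net)]
        if not candidates:
            raise LookupError(f"no route to {pkt.dst_ip}")
        return max(candidates, key=lambda r: ip_network(r.dst_net).prefixlen).next_hop


# --- constructed topology (assumptions) ---------------------------------
CLIENT_IP = "192.0.2.10"      # client on the far side of the default gateway
F5_SELF_IP = "10.10.0.1"      # BIG-IP self-IP; also the SNAT address when SNAT is on
LDAP_IP = "10.20.0.5"         # LDAP server in a different subnet from the F5

ROUTES = [
    Route("10.20.0.0/24", "ldap-vlan"),
    Route("10.10.0.0/24", "f5-vlan"),
    Route("0.0.0.0/0", "internet-gw"),
]
# "From SRC_IP=LDAP_SERVERS:389/636 to DST_IP=ANY:ANY, always via the F5"
PBR_RULES = [PbrRule("10.20.0.0/24", "tcp", frozenset({389, 636}), "f5-vlan")]


def return_path(snat_enabled: bool, pbr_enabled: bool) -> Dict[str, object]:
    """Where does the LDAP server's reply go, and does it see the client IP?"""
    client_as_seen_by_ldap = F5_SELF_IP if snat_enabled else CLIENT_IP
    router = Router(ROUTES, PBR_RULES if pbr_enabled else ())
    reply = Packet(LDAP_IP, 389, client_as_seen_by_ldap, 51000)
    hop = router.next_hop(reply)
    return {
        "ldap_sees_client_ip": client_as_seen_by_ldap == CLIENT_IP,
        "reply_next_hop": hop,
        # The BIG-IP is a full proxy: the reply must come back through it.
        "return_path_via_f5": hop == "f5-vlan",
    }


def unrelated_traffic_next_hop() -> str:
    """Non-LDAP traffic from the same server (e.g. source port 22) is not
    caught by the port-scoped PBR rule and still follows the routing table."""
    router = Router(ROUTES, PBR_RULES)
    return router.next_hop(Packet(LDAP_IP, 22, CLIENT_IP, 40000))


if __name__ == "__main__":
    for snat, pbr in ((True, False), (False, False), (False, True)):
        print(f"SNAT={snat!s:5} PBR={pbr!s:5} -> {return_path(snat, pbr)}")
    print("unrelated traffic (src port 22) ->", unrelated_traffic_next_hop())
```

The middle case is the one to watch for after removing SNAT without PBR in place: the LDAP server finally logs the real client address, but its replies follow the default route straight toward the client and never reach the BIG-IP, so the connection fails. On a real router the PBR rule is whatever the platform calls a route-map, policy route or `ip rule`; the simulator only shows the matching logic, not any vendor syntax.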