Luca_55898
Aug 11, 2011Nimbostratus
SNAT - Do i need it?
Hi,
We have a LTM which has a standard HTTP VIP with a pool of ISA proxy servers. SNAT automap is enabled for this VIP.
The guys who manage the proxys have said that they need to see the clients IP address rather than F5s IP, this is due to some authenticaion issue they have.
So the VIP is:
10.50.40.1
The nodes in the pool are all on the 10.55.55.0/24 subnet
The F5 will SNAT using the egress interface which is also on the 10.55.55.0/24 subnet.
So obviously if i disable SNAT the original client IP will be retained, the source address hitting the server won't be in the same subnet as the server so we need to make sure it has a route back to the original client.
In this type of setup is there a need for SNAT? This is on a totally internal network. The ISA servers will forward to the internet but does it matter what the original source IP was?
thanks,