Forum Discussion
SNAT - preserve client ip to pool member non-http traffic
Please help, I may have the same issue.
We are having issues with client connections in our new HL7 environment.
We set up multiple clients on the same VIP and same pool member on the F5.
Each client has their own port, which is how we keep them separated.
Clients are using a site-to-site VPN to connect.
This worked when we tested over the internet. The only difference is that we are using a site-to-site VPN.
Clients claim they do not get an acknowledgement when they send a message. The external firewall shows that we are indeed sending an acknowledgement. Also, a simple telnet from the client to the VIP over the port specified shows they are indeed connected.
However, when I run Wireshark on the HL7 server that sits behind the F5 and filter by the client's port, I see nothing. If it's not getting to the server, what is responding? The F5? I fear it may be a SNAT issue but we are using SNAT automap.
Can someone more clearly define how the F5 handles this traffic once it hits the F5? Should I be able to see the client's address and port on the server, or does the F5 hide that information?
virtual HL7_Client1 {
   snat automap
   pool pool_hl7_Client1
   destination 205.xxx.xx.xx:8888
   ip protocol tcp
   persist source_addr
   profiles {
      Http_compression {}
      tcp {}
   }
}
virtual HL7_Client2 {
   snat automap
   pool pool_hl7_Client2
   destination 205.xxx.xx.xx:9999
   ip protocol tcp
   persist source_addr
   profiles {
      Http_compression {}
      tcp {}
   }
}
pool pool_hl7_Client1 {
   lb method member least conn
   action on svcdown reselect
   monitor all gateway_icmp
   members 10.10.10.10:8888 {}
}
pool pool_hl7_Client2 {
   lb method member least conn
   action on svcdown reselect
   monitor all gateway_icmp
   members 10.10.10.10:9999 {}
}
