SNAT pass Destination IP back to Client

Question

I have a web services running on port 443. The incoming traffic from "Client server -&gt; F5 -&gt; Back-end Servers" is working fine, but the outbound response to the Client Server is not working.  So we have learned that the Client Server required the same IP address from whichever F5 route to the Back-end server must response back to the Client Server instead of the VIP.  We sort of circumvent it by creating a host file on each back-end server that map to the VIP DNS.&nbsp;
Has anybody done an iRule that could solve this problem?&nbsp;

patrik_jonsson · Answer

The text format of the comments is just painful to watch, so I'll put this in an answer.&nbsp;
Sorry, but I don't know if I got your scenario. Is it like this?&nbsp;
Client server contacts the VIP, The F5 chooses a pool member (does it have to use any SNAT when connecting to the member?).The pool member receives the response and then sends it back to the client server via the F5.You now want the F5 to replace the source address of the return packet with that of the selected member?
/Patrik&nbsp;

Forum Discussion

SNAT pass Destination IP back to Client

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

OWA File Upload URIs for WAF Bypass

F5 AWAF/ASM learning only from Trusted traffic?

irule execution error

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

Show or List F5 XC Routes in the Web

Related Content

Destination Snat Using DNS

Destination address at F5

SNAT based on source and destination

SNAT pool persistence

Block destination IP by source IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS