Static route question when the same IP can be either client or server and accessable through outside or inside interface

Question

Hi,&nbsp;
I'd be very grateful for some advice on a routing question.  our setup uses an outside and an inside interface and all connections use SNATs.  In scenario 1 when 10.0.0.1 is the client it connects to the VIP through the outside interface.  in scenario 2 the same IP address is the server and it's accessed via a SNAT through the inside interface.  My question is if I have a static route configured for scenario 2 this destination is accessed through the inside interface, will this affect the first scenario when the IP is the client and sits on the outside interface, i.e. will I have asymmetric routing or will the client/VIP-destination/SNAT ensure the static route does not affect the connection?  Both client and destination IPs are a layer 3 hop away.  As this is a new deployment we are able to make any configuration/design changes.&nbsp;
Thanks in advance&nbsp;

james_thomson_0 · Answer

A few questions:  When you say outside and inside interface, do you mean outside and inside vlan? Can you give an example of what the self IP's are on those vlans?  When you say in Scenario 2, that the "same ip is accessed via a SNAT through the inside interface" what type of SNAT and what does that configuration look like.  Then, the route you're talking about adding? Is that a route for the BIG-IP to learn how to get to the 10.0.0.1 machine?&nbsp;
Making some guesses, if so, the auto-lasthop feature should override your static route so that route should not affect the inbound connection. The BIG-IP will send the packet back to the client the way it came in. &nbsp;

nitass · Answer

are you worrying about return traffic (to client)? by default, auto lasthop is used (i.e. route is not needed/used).&nbsp;
sol13876: Overview of the Auto Last Hop setting (11.x)&nbsp;
https://support.f5.com/kb/en-us/solutions/public/13000/800/sol13876.html&nbsp;

neil_t_66364 · Answer

Thankyou both for your quick replies.  I was wondering if there was a auto-last-hop type function as the inbound connection is to a VIP so I guessed there would be some kind of mapping table.
@James this is a new setup so there's currently no configuration in place we've just mapped out what needs to be configured.  I have seceral years experience with load balancers but only just recently started with F5s.
Thanks again to you both&nbsp;

Forum Discussion

Static route question when the same IP can be either client or server and accessable through outside or inside interface

3 Replies

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Configuration Assistance: Configure Email Alerts for HA Failover Events and Device Offline

Can one create one virtual server with two pool members with multiple services running on it?

Maintenance page / local website that includes subfolders

AWS F5_OWASP Managed Rule Blocking requests

AST Configuration help

Related Content

Frequently Asked Questions - F5 Access 2018

BIG-IQ Access Configuration Interface Quick Introduction

Application Programming Interface (API) Authentication types simplified

Zero Trust Application Access for Federal Agencies

UCS Encryption Question

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS