Forum Discussion
cxcal_18687
Nimbostratus
NimbostratusUsing Big-IP as a router
I have yet to get our appplication (product from standard networks) to source the the client IP address for auditing purposes.
Application only works when SNAt is disabled.
Is it p...
hoolio
Cirrostratus
CirrostratusHi,
The BIG-IP can route traffic without performing source address translation. Under the most common configurations, the BIG-IP would route symmetrically (ie the request and the response both go through the BIG-IP). To route symmetrically, if you don't have the BIG-IP perform address translation, the destination of the traffic needs to have a route to the source which goes through the BIG-IP. Typically you do this by setting the web server's default gateway to the floating IP on the server's VLAN.
If you don't want to translate the source address, you can create a wildcard virtual server with SNAT disabled. If you want to specify a router or pool of routers, you can use a Forwarding IP VIP. If you want to just forward the requests according to the BIG-IP's routing table, you can use a Performance Layer 4 VIP.
If you want to have the BIG-IP just forward asymmetrically, you can enable loose initiation and loose close on the FastL4 profile for your VIP. BIG-IP won't add the connections to its connection table.
Take a look at the config guide for your version of LTM on AskF5 for more detail or reply here.
Aaron
