Forum Discussion

genseek_32178's avatar
genseek_32178
Icon for Nimbostratus rankNimbostratus
Jan 07, 2013

VIP issue

Hi,   We have the following VS setup,     virtual vl100-bz {   snatpool bz-vl100   pool bz-pl   destination 172.20.10.50:https   ip protocol tcp   persist persist-profile  ...
basic
getting started
new to f5
genseek_32178's avatar
genseek_32178
Icon for Nimbostratus rankNimbostratus
Jan 07, 2013
thank you nitass for the response.

 

 

Am curious as to why the return traffic from pool member (172.20.10.200 ) is NOT coming back via F5 even though we ve applied SNAT which should normally force reply traffic via F5 instead of going via router.

 

 

we thought - https://172.20.10.200 is working bcoz client is directly accessing the pool member and NOT via VS, and as the pool member has GWY as the router..so the client is seeing the source as the same IP which was the destination in the original request to the pool member.

 

 

Am quite curious how adding client or server ssl would force the return traffic via the F5 which SNAT is not able to do? And if ssl is applied, do we need to remove snat? Please elaborate on the traffic flow.