Forum Discussion

Sam01_131907's avatar
Sam01_131907
Icon for Nimbostratus rankNimbostratus
Oct 31, 2013

VIPS without automap

Hi,   When i have a vip and automap is enabled,all workks good and i can access my ftp pool or www pools and no problems. when i turn off automap and present the client ip as is,something get brok...
Michael_Yates_6's avatar
Michael_Yates_6
Icon for Cirrus rankCirrus
Oct 31, 2013

Hi Sam,

 

SNAT insures that all calls made on behalf of the Client are routed back to the F5 for properly delivery back to the Client. It prevents any calls from back end servers or services from making a call directly back to the Client (since the Client wouldn't be expecting to hear from anyone except who it initiated a connection to (Prevents Broken Routes)).

 

Does the Server(s) live on a Subnet owned by the F5? Does the Application(s) make any calls to other servers or services?

 

  • Sam01_131907's avatar
    Sam01_131907
    Icon for Nimbostratus rankNimbostratus
    Nov 01, 2013
    Michael, what you said make sense where the client expect a return traffic from the VIP ip address and not the physical server ip address(where its unknown to the client).automap translate all the clients ip addresses behind some nat(automap or irule) ...is that the best practicies? can we keep the client identity as is ans somehow route the traffic back from the server(ftp or www) to the client?