VIPS without automap

The whole idea behind SNAT and automap (a form of SNAT) is to force return routing through the BIG-IP. As Michael stated, the default action for a standard virtual server is to not translate te client's source address. This means that, by default, the request arriving at the server behind the F5 will have the client's true source address. If the server knows how to route back to that client that doesn't involve going back through the F5, then it will bypass it. In most cases this will break the transaction because the client will receive a response from an address that it never sent a request to (the server's source address). SNAT changes the source address to something controlled by the F5 so that the server will natively respond back to that IP. The down side of that, of course, is that the server does not see the client's real IP address. You then have a few options:

1. Make the servers use the F5 as their default gateway. Ultimately you have to force the return traffic back through the F5.

    

2. Inject the client's IP into a header or packet. This method is entirely dependent on the protocol you're passing.