I'm probably missing something but I have the following problem:
Currently have a SSL-VPN setup with SNAT Automap. BIG-IP connected with multiple VLANs/Self-IPs.
vlan-internal - vlan id 100
self_internal - 192.168.100.245/24
vlan-external - vlan id 200
self_external - 192.168.200.245/24
default_route - 192.168.200.1 (firewall)
ssl-vpn - ip lease-pool 172.20.20.2-230
/Common/apm-vpn-vs configure with /Common/apm-vpn-profile
Firewall has been configured to route 172.20.20.0/24 traffic to 192.168.200.245.
With SNAT Auto-Map connectivity works.
Have a requirement to not use SNAT.
When disabling SNAT have connectivity to everything except for services on 192.168.100.0/24 (default route on servers is not F5), seeing as it is directly connected to the F5 it uses that connection to go to those addresses. I'm also able to ping the ip address assigned from the lease-pool from firewall.
Ended up creating a new partition and route-domain
rd_apm (id 1) - strict isolate, default rd for part_apm
default_route_apm - 192.168.200.1%0
In access policy did an assignment of rd_apm and set SNAT to none. This appears to have resolved my connectivity issues in that all traffic is directed out of the default route. However I am now unable to ping the ip address assigned from the lease-pool from firewall.
What do I need to do to allow this? Is there a different way to configure this to achieve the required outcome?