i have not talked to the server guys yet so it may or may not need selectively disabling so just preparing in advance in case it needs it, in that case i will need to create an irule right? Which is what i need help with.
so we have a working pool which is not in production and tried testing it with that by changing address translation from auto map (can rach the side from client with auto map on) to none and on the packet capture it seems to work as it should as the source is no longer getting translated but im no longer able to get to the website, im assuming i need to change something else to get it to work? By the way im using an ssl profile for both client and server side.
Hi @kbk491 ,
Just changing SNAT settings to none is not going to work here. In order to work this, you should have backend server default gateway pointed to the F5. Then only it will work or else it will create asymmetric routing issue and url won't work. It seems you are having the same issue.
To achieve your requirement,
1. You can enable XFF settings to preserve the true client IP when SNAT is enabled. Below article will help you on it.
2. If you want to try with disabling SNAT settings, then make sure backend app server default gateway is pointed to F5. But it will cause your internet traffic also sending to F5 first. So you need to take that into consideration.
Hope it helps!
So for option 1 in the article there is this part:
Configuring the web server to extract the IP address from the HTTP header
We have an oracle website hosted on cisco ucs blade chassis, so which of the above would be applicable?