Jon
Jun 23, 2016 Nimbostratus
F5 As a Router
I have a pair of BIG IPs in an active/standby configuration running LTM 10.2.4. We have several LDAP servers configured on an internal VLAN as pool members and are doing basic load balancing to these...
It sounds like you either have a duplicate IP problem, or a firewall that only allows return traffic once it has seen traffic in the other direction.
As far as routing goes, it's fundamentally not a router. What happens when you send a packet to the LTM is that it tries to match it to a listener. This could be a SNAT, or a virtual server. A virtual server can be set up to listen to either a host (/32) or network address, and to listen on all VLANs, or specific VLANs, so even if the destination matches, it won't necessarily match the virtual if that virtual isn't listening on the incoming VLAN.
If ip-forward is enabled on the virtual (in the GUI, this is virtual server type ip forwarding), or in fact, even if you have a standard virtual with no pool members, and a directly connected destination, the LTM will proxy the packet out the other side. Optionally, the LTM can change the source address so that the destination sees the source as local, and sends the reply back to the LTM.
All traffic through the LTM is proxied at layer 3/4. It doesn't route anything as a router would do, though you can create a close simulation by creating a virtual server that is configured not to change the source address or port.
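
A simplified model of the listener matching described in the answer above, added here as an example; it is not F5 code and not part of the original post. The listener names, VLAN names, addresses and the most-specific-destination tie-break are assumptions, and only new connections are modelled.

```python
"""Simplified model of LTM listener matching (illustration only, not F5 code)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Listener:
    name: str
    destination: str                   # host ("/32") or network address
    vlans: Optional[frozenset] = None  # None = listening on all VLANs
    translate_source: bool = False     # True = rewrite source to an LTM-local address

# Constructed sample configuration; names, VLANs and addresses are hypothetical.
LISTENERS = [
    Listener("vs_ldap", "10.1.1.50/32", frozenset({"external"}), translate_source=True),
    Listener("vs_forward_internal", "10.2.0.0/16", frozenset({"external"})),
]
LTM_SELF_IP = "10.2.0.1"  # hypothetical address used when the source is translated

def match_listener(dst_ip, ingress_vlan, listeners=LISTENERS):
    """Return the listener that accepts a new connection, or None if none does."""
    dst = ipaddress.ip_address(dst_ip)
    candidates = [
        l for l in listeners
        if dst in ipaddress.ip_network(l.destination)
        and (l.vlans is None or ingress_vlan in l.vlans)
    ]
    # Assumption of this model: the most specific destination wins.
    return max(candidates,
               key=lambda l: ipaddress.ip_network(l.destination).prefixlen,
               default=None)

def handle_packet(src_ip, dst_ip, ingress_vlan, listeners=LISTENERS):
    """Return (verdict, listener name, source address the destination sees)."""
    listener = match_listener(dst_ip, ingress_vlan, listeners)
    if listener is None:
        # No routing-table fallback: without a listener the model forwards nothing.
        return ("no-listener", None, None)
    seen_src = LTM_SELF_IP if listener.translate_source else src_ip
    return ("proxied", listener.name, seen_src)

if __name__ == "__main__":
    for pkt in [("192.0.2.10", "10.1.1.50", "external"),  # host virtual, source changed
                ("192.0.2.10", "10.2.3.4", "external"),   # network virtual, source kept
                ("10.2.3.4", "192.0.2.10", "internal"),   # no listener for this direction
                ("192.0.2.10", "10.2.3.4", "dmz")]:       # destination matches, VLAN does not
        print(pkt, "->", handle_packet(*pkt))
```

The last two sample packets show the difference from a router: a destination that is reachable still gets no forwarding unless a listener covers both the address and the ingress VLAN.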