that looks good. fyi, we are using similar "stateless" ip forwarding virtual servers extensively in our datacenter with inline i5800 appliances and no issues. we use wildcard forwarders (0.0.0.0/0) and route domains to carve up different segments. combination of static and dynamic routing. this way our clients go thru the F5 with no SNAT requirement on datacenter apps.
other couple of things comparing configs you might check/verify:
in the forwarding virtual server properties do you have source-port preserve-strict enabled? ran into a "bug" where sometimes this can be a problem if not set to "strict" and ports were translating and that could cause a RST if the end to end port pair/socket is now different.
and translate-address and translate-port disabled?
and is your protocal set to any (not just tcp or udp)?
sample:
ltm virtual sample_forwarder {
destination 0.0.0.0%4:any
ip-forward
mask any
profiles {
profile_dc_fastl4 { }
}
source 0.0.0.0%4/0
source-port preserve-strict
translate-address disabled
translate-port disabled
vs-index 4
}
also curious about your /32 on the listener? what is the use case you are doing? as mentioned ours are wildcard and we then let routing decide how to move the packet. we don't have any gateway IP on the F5 since a downstream router is the subnet's gateway, and we have routing established between the F5 and router. but if you do have gateways on the F5 are they being accomplished thru this /32 or via a separate self IP (floating if you are doing redundant and basically similar to vrrp/hsrp)? we've done that before, using self IP as the subnet gateway and wildcard forwarder to pass all the stateless packets thru once the devices arp for the gateway.
hope this helps please share more info and maybe another idea/detail will surface...
Cirrus
