Forum Discussion

Nimbostratus

Apr 22, 2005

V9.0.4 SNAT, but maintain source IP of client

We have two groups of servers which are on the same network (L2 and L3). Is there a way to preserve the source IP of a request from group1 web servers to a vip on the same network of the two groups o...

Admin

Apr 25, 2005

If it is not http traffic, you could separate your layer 2 domain into two vlans and then create a vlan group with your layer 3 domain defined there. Put each group of servers into each vlan, then destination nat the traffic, the BigIP will preserve the source and intercept the return traffic to correct the (now) source as the vip so the packet originator doesn't reset the TCP connection. I tested this in the lab a few years ago. You shouldn't need a rule for this.

Recent Discussions

What happens if I only enable ASM in BIG-IP Under System > Resource Provisioning
May 06, 2024 Wasfi_Bounni
URL
May 06, 2024 Kuldeep22
Migration from i series 10200 with 1 child VCMP to r series 10900 series
Solved
May 06, 2024 F5_Design_Engineer
Azure DP-100 Exam Questions
May 06, 2024 Rachel_Stear
Deploying F5 WAF in front of Azure Web App Services
May 06, 2024 Dougbert

Forum Discussion

V9.0.4 SNAT, but maintain source IP of client

Recent Discussions

What happens if I only enable ASM in BIG-IP Under System > Resource Provisioning

URL

Migration from i series 10200 with 1 child VCMP to r series 10900 series

Azure DP-100 Exam Questions

Deploying F5 WAF in front of Azure Web App Services

Related Content

Use Kubernetes Cert-Manager to Maintain Let's Encrypt Certificates

Maintainers, Slowloris/2, Kobold Letters - April 1st - 7th, 2024 - F5 SIRT - This Week in Security

Solving for true-source IP with global load balancers in Google Cloud

F5 XC vk8s workload with Open Source Nginx

How to ensure source address and source port are accepted and traversed properly via F5 SNAT automap