I have a question in configuring a Windows 2012 server with LTM. This is not an application-specific question (but just to clarify, it is for Lync 2012 Front End and Edge Servers). I want to make sure for security that the source IP and port is logged on the Windows 2012 server. From my understanding, if I enable SNAT, it will always report the LTM IP address. However, if I do not want to use SNAT, I need to have a second NIC that has the gateway of the LTM configured. Which is fine. There are two questions: 1. Can the IP address used for the F5 be on the same network (VLAN) as the primary NIC, or must it be configured on a separate VLAN? And suppose the networks are on 10.42.16.x (for the primary NIC) and 10.42.70.x (for the LTM connection). Do I have to do a manual route addition to the server? I know I need to configure it on the L5 (can somebody point me in the direction of how to do this). I understand on the LTM that I need to configure a VLAN and an "egress" IP address (this is the gateway that the second interface on the server will use for a gateway).
Agreed, I must have misread something about "making it more secure...". If you just enable SNAT you don't have to worry about gateways and more than one NIC; just click the SNAT checkbox and that should do it. You still have to change something to get the source IP on the server (assuming QoS and QoE can't be changed to look for X-FWD-FOR as well), and looking at a different header is the easiest solution for that.
As for the traffic not being load balanced: another fallacy here. If you have a single NIC and your default gateway is the LTM, traffic destined for other networks can simply be routed through the LTM, around the LTM using a static route on the server, or, in the case of servers on the same subnet, the traffic wouldn't go through the LTM at all. The additional NIC would, however, as you noted, give you more flexibility to have none of the traffic go through the LTM and not require static routes on the server, provided the other NIC was on the same subnet as the backup servers, for instance, in your scenario. Otherwise, you would have to use static routes on either the server(s) or the LTM to route through the second interface, combined with metrics to make sure it uses the NIC on the LTM internal subnet to return load balanced traffic.
So doing L3 routing through LTM (given the capacity of most LTM models) is not more costly than throwing an extra switch or L3 router in between the server and the backup devices. Again, this is traffic not destined for a virtual server on the LTM, just forwarded traffic. Since the LTM is not NATing that traffic and just forwarding it, it is not taxing the LTM that much. I'm assuming in all this the primary purpose of the server is running the load balanced application.
So, very long answer to your original question short ;-), a.) make LTM the gateway, static route to the other network on the LTM, and turn off SNAT, b.) use dual NICs with one on the LTM subnet and default gateway LTM and the second NIC on the separate subnet you need to get to, or one NIC and a static route on the server to the other network, c.) don't change the network configuration on the server at all, use SNAT and follow the article: https://support.f5.com/kb/en-us/solutions/public/4000/800/sol4816.html?sr=29839025 to get the information you need, assuming Lync QoS/QoE can operate using the X-FWD-FOR header as well.
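Option c.) above relies on the server reading the client address out of the X-Forwarded-For header instead of the TCP source, which is only safe if the header is trusted solely when the connection actually arrives from the LTM's SNAT address. The following is an added example (not code from the original thread or from F5) showing that check over constructed log fields; the SNAT address 10.42.70.5 and the sample lines are assumptions.

```python
# Added example. With SNAT enabled the server's own connection records show
# the LTM's SNAT address and an LTM-chosen ephemeral port as the source. The
# real client IP can be carried in X-Forwarded-For, but that header is only
# trustworthy when the direct peer is the LTM; a client connecting directly
# can set it to anything. Assumed: the LTM SNATs from 10.42.70.5.
import ipaddress
from typing import Optional, Tuple

TRUSTED_PROXIES = {ipaddress.ip_address("10.42.70.5")}  # assumed LTM SNAT IP


def client_ip(peer_ip: str, xff: Optional[str]) -> str:
    """Return the address to log as the real client.

    peer_ip: TCP source address as the server saw it.
    xff:     X-Forwarded-For value, or None if the header was absent.
    Only when the peer is a trusted proxy is the header honoured, and then
    only its rightmost entry, which is the hop the LTM itself appended;
    entries to the left came from upstream and were never verified.
    """
    peer = ipaddress.ip_address(peer_ip)
    if peer not in TRUSTED_PROXIES or not xff:
        return str(peer)
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    try:
        return str(ipaddress.ip_address(hops[-1]))
    except (ValueError, IndexError):
        return str(peer)  # malformed header: fall back to the observed peer


def source_of(line: str) -> Tuple[str, int]:
    """Parse a constructed tab-separated record: peer IP, peer port, XFF or '-'.

    The returned port is still the LTM's ephemeral port, not the client's:
    X-Forwarded-For carries no port, so with SNAT the client port is lost
    unless the LTM is configured to pass it separately.
    """
    peer, port, xff = line.rstrip("\n").split("\t")
    return client_ip(peer, None if xff == "-" else xff), int(port)


# Constructed sample records, not real Lync or IIS log output.
SAMPLE_LOG = [
    "10.42.70.5\t51234\t203.0.113.7",                 # via LTM, header honoured
    "10.42.70.5\t51235\t198.51.100.9, 203.0.113.7",   # chained proxies
    "10.42.16.50\t40001\t203.0.113.7",                # direct peer: header ignored
    "10.42.70.5\t51236\t-",                           # header missing
]

if __name__ == "__main__":
    for rec in SAMPLE_LOG:
        print(source_of(rec))
```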