Forum Discussion
cmvanwyk_16989
Nimbostratus
Oct 30, 2011
source ip pass-through for source based ip authentication
I'm still getting warmed up to F5's so please bear with me :)
Have web servers which do source based ip authentication
Trying to have as little effort on the developer side as possible for now and future projects
Would an iRule be easiest? If so, some guidance in code would be awesome :)
If another recommended way, then please let me know what you think
Many thanks in advance
Chris
4 Replies
- nitass
Employee
if routing is correct, bigip does not need to perform snat on server-side connection (between bigip and pool member). so, web server should be able to see real client ip address.
is this what you are asking?
- Ferg_104721
Nimbostratus
If SNAT is enabled on the virtual server then the pool member server will not see the original source ip address. As previous, if no snat and you are relying on routing this should work fine. If you are using SNAT you have two choices, routing and forwarding virtual servers or x-forwarded-for (or some other kind of header insertion) but your backend server will need to have the ability to capture x-forwarded-for or remove a custom header. happy for anyone else to tell me i am wrong in my thoughts.
- cmvanwyk_16989
Nimbostratus
Thanks for the feedback
I had SNAT enabled...so I set to none now and created default gateway for route domain to the firewall interface on same vlan
Now the pages don't load
Ferg, tried x-forwarded-for but developers weren't picking up IP - yes they configured IIS to capture
- nitass
Employee
I had SNAT enabled...so I set to none now and created default gateway for route domain to the firewall interface on same vlan
Now the pages don't load
where is client and server? is client on one vlan and server on another vlan?
Ferg, tried x-forwarded-for but developers weren't picking up IP - yes they configured IIS to capture
how did they configure iis? is it similar to sol4816?
sol4816: Using the X-Forwarded-For HTTP header to preserve the original client IP address for traffic translated by a SNAT
http://support.f5.com/kb/en-us/solutions/public/4000/800/sol4816.html
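Added example, not part of the original thread and not F5 or IIS code: a sketch of the backend-side check that source-based IP authentication needs once SNAT plus X-Forwarded-For is in the path, so that the header is honoured only when the connection really comes from the BIG-IP. The addresses, set names and function names are hypothetical, and it assumes the proxy's own entry is the last X-Forwarded-For value the server receives.

```python
import ipaddress

# Constructed values for illustration; substitute your own addresses.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}     # hypothetical BIG-IP SNAT / self IP
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # hypothetical permitted client range


def effective_client_ip(peer_ip, xff_values):
    """Return the address to authenticate, or None if it cannot be determined.

    peer_ip    -- source address of the TCP connection as seen by the web server
    xff_values -- list of X-Forwarded-For header values, in the order received
    """
    peer = ipaddress.ip_address(peer_ip)
    if peer not in TRUSTED_PROXIES:
        # No SNAT in the path: the header is client-controlled, so ignore it
        # and authenticate the connection's own source address.
        return peer
    # Flatten "a, b" lists and repeated header lines into one ordered list.
    hops = [h.strip() for v in xff_values for h in v.split(",") if h.strip()]
    if not hops:
        # Arrived via the proxy but header insertion is not working: fail closed.
        return None
    try:
        # Assumption: only the last entry was written by the trusted proxy;
        # anything before it may have been supplied by the client.
        return ipaddress.ip_address(hops[-1])
    except ValueError:
        return None


def is_authorized(peer_ip, xff_values):
    """True only if the effective client address is inside an allowed network."""
    client = effective_client_ip(peer_ip, xff_values)
    return client is not None and any(client in net for net in ALLOWED_NETS)
```

The same rule applies whichever server reads the header: without the peer check, any client that can reach the web server directly can claim an allowed address by sending its own X-Forwarded-For.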
