Nicholas_Irving
Jul 23, 2008

SSL Termination and Client IP Address

Hi, I am working with some network engineers on trying to figure out how to get the following scenario working. Please bear in mind that I am not educated in F5, but just want to find out if it is possible, so that I can get my network engineers working on a resolution.

We have an F5 Load Balancer that is doing SSL Termination for us and is passing the client request to a pair of Apache Web Servers. What I am finding is that the SNAT IP address is being presented as the Client IP Address, as opposed to the one coming into the SSL LB. This is causing us problems, as we have security enabled on some application servers that checks that the Client IP Address is the same as the one they registered with. Since the front end is not behind F5, it gets the Client IP Address from the Internet, and the authentication servers use that to secure the session. When another application behind the SSL Termination F5 compares what it thinks is the Client IP Address (in fact it is the SNAT IP Address from the F5) against what is stored in the secure session, there is a mismatch.

Is there any way I can get the Client IP address and not the SNAT presented to Apache, so that the 2 match? I really do not want every request to come from 1 SNAT IP address, instead from the many that could come from the Internet.

Thanks in advance.

3 Replies

  • Think I have found the answer.

    http://devcentral.f5.com/weblogs/macvittie/archive/2008/06/02/3323.aspx

    Will test it out and see if this works, but if there is a more elegant solution I would like to still know.
  • Thanks, I will have our engineers look into those suggestions. I thought it was possible to do.