I have a frontend subnet 10.2.2.0/24 (has the VIP's) and backend subnet 10.1.1.0/24 (contains the physical servers)
VIP Address for WEB service is 10.2.2.4 (in the frontend subnet)
The destinations are 10.1.1.70, 71, 72 (on the backend subnet)
The source server is 10.1.1.200
External servers can connect to 10.2.2.4 fine and see the traffic as from that ip only.
However when the source server IP is in the same subnet as the destination servers is unable to connect to the VIP.
It will send the initial syn packet to 10.2.2.4, but recieves back a packet from the IP of the destination servers (ie 10.1.1.70, 71, 72)
Because this packet doesn't match the original request it fails to connect.
I tried adding a Group with the VIP and same destination service - but this forces all connections to the destination services to look like they are coming from the VIP Address of
10.2.2.4, I want the services to see it coming from the original ip only.
vip address 10.2.2.4
add destination service WEB-01
add destination service WEB-02
add destination service WEB-03