Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.4.1
Fixed In:
12.1.0
Opened: Sep 21, 2015 Severity: 3-Major
Direct Server Return (DSR) tunnels use the same client-side address of the encapsulated flow as their tunnel local address. Users do not have an option to configure this behavior.
Users have no option to choose DSR tunnel local address different from the user flow.
To use the BIG-IP system's self-IP as DSR tunnel local address, regardless of encapsulated application flows.
Enable SNAT on the corresponding virtual server on the BIG-IP system, and the DSR tunnel local can be set to the BIG-IP system's self-IP.
The virtual server that uses DSR pool now allows the pool-member to use the BIG-IP system's self-IP as the tunnel local, irrelevant to the application flow.