Nexus 9K vPC dropped traffic

I'm having an interesting issue at one of my customers.

Scenario: customer is trying to reach an internal web server on its external public IP. Client IP SNAT is performed on an F5 (which also hosts the public IP of the web server), with the next hop being a Nexus vPC as WAN router.

Issue: when the client IP is SNATed to an IP in the same range as the web server, the traffic is dropped.

My best guess right now is that the vPC loop avoidance is the root cause of the connection issues:

- Packet is sent in vPC 9 from F5 -> DC-RTR-1 -> DC-RTR-2

- DC-RTR-2 checks ARP/MAC table and sees that the traffic is destined out vPC 9

- DC-RTR-2 drops the packet

 

Is this a supported topology? Any solution to overcome this issue?

My best solution right now would be to use DNAT or DNS to make sure the traffic is sent directly to the private IP of the web server, so it is not sent over the WAN RTRs, but is there anything that could be done on the Nexus?

Note that DC-RTR-1 does not have an IP in this WAN routing segment. Maybe giving this switch an IP and running HSRP would be a solution?

 

Thanks.
Accepted Solutions

Found a solution: this is not a supported topology; DC-RTR-1 must also have an IP address in that segment.
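
A sketch of the fix named in the accepted solution, as an added example that is not part of the original thread: both vPC peers get an SVI in the WAN routing segment, with HSRP as raised in the question. The VLAN ID, addresses, HSRP group and priority are constructed placeholders, not values from the customer's network.

```text
! Added example. Constructed values: VLAN 100, 192.0.2.0/24, HSRP group 1.
! Replace them with the real WAN segment VLAN and addressing.

! --- DC-RTR-1 (previously had no IP in this segment) ---
feature interface-vlan
feature hsrp
interface Vlan100
  description WAN routing segment toward F5 (vPC 9)
  no shutdown
  ip address 192.0.2.2/24
  hsrp 1
    priority 110
    ip 192.0.2.1

! --- DC-RTR-2 ---
feature interface-vlan
feature hsrp
interface Vlan100
  description WAN routing segment toward F5 (vPC 9)
  no shutdown
  ip address 192.0.2.3/24
  hsrp 1
    ip 192.0.2.1
```

In this sketch the F5's next hop is assumed to be the HSRP virtual address (192.0.2.1 here), so that whichever peer receives the frame on vPC 9 can route it locally.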
