I need to put a firewall device between a server load balancing (SLB) device and the real server(s). SLB uses Direct Server Return (DSR), in which case the VIP address is configured as the loopback address on the real server. Simply, the reason for the loopback address configuration is the fact that the server does not reply any arp request for the VIP, yet still serving any incoming requests for that VIP address.
So, when I put a firewall device between them, and enable NAT, the device will reply arp request for VIP as well. My goal is to configure a NAT for VIP to be able to get the packets forwarded to the real server, but no answer to the arp request for that VIP by the PIX/ASA device.
Any comment?