Forum Discussion
AFM NAT - how to implement
Hi fellow MVP,
I don't have much familiarity with AFM I'm afraid, and certainly not the Translation rules. Anyway, the general configuration doesn't look right to me. A Perf L4 server, when it receives its initial SYN packet from the client, will choose a target and send the SYN onto this. This is normally a pool member (see Overview of TCP connection setup for BIG-IP LTM virtual server types). I suspect you're getting a reset, after a few SYNs, because the BIG-IP doesn't have a pool so can't send the packet on. In fact, the ARP requests you are seeing are because without the pool it's acting like a Forwarding IP virtual and wants to send the packet onto the VIP address, and the BIG-IP doesn't respond to its own ARP requests (see A local virtual server IP address cannot be used as a pool member).
Can you not let the LTM deal with the address translation and just use AFM for firewall policies, i.e. what source addresses are allowed etc.?
Hope this helps,
N