Basic SNAT Question

Craigus -- it's even easier: when configuring a virtual server you set 'snat automap' (SNAT Pool in the GUI is set to Auto Map). This tells the appliance to set the source-IP to a self-ip in the egress VLAN, strongly preferring a floating IP.

Pete is correct that SNAT Automap is the quickest and easiest. However, I don't use it because it makes troubleshooting via tcpdump difficult. If you use Automap, both the user traffic and the monitor keep-alive traffic will come from the self IP address of the egress VLAN. That makes it hard to differentiate between the two.

So I do something similar to what Craigus suggested. I create a SNAT Pool with an entry that is the same as the VS IP address. That way if I am using tcpdump I can filter with the ip address of the VS, either on the ingress interface to capture client side traffic or the egress interface for server side traffic. Of course if ingress and egress traffic is on the same interface, I can see both on a single tcpdump capture.

But if you don't plan to use tcpdump, SNAT automap is an quick and effective way to do it.

Hi, So to clarify,

My VIP is on Subnet A - With a self IP address on the BIGIP unit

My pool members are on Subnet B.

In order for automap to work do I need a self IP address for Subnet B on the Bigip Unit? - is this what the automap will translate the source IP to...

Or Will AutoMap change the source IP address to the SelfIP address of the Virtual Sever on Subnet A?

If your BigIP does not have an actual interface on Subnet B, it will use the self IP address of the egress interface that it uses to get to subnet B. Take a look at your routing configuration on the BigIP. Whatever route is used to get to subnet B, it will use the self IP of that interface.