Forum Discussion

Craigus_200691

Nimbostratus

May 15, 2015

Basic SNAT Question

Hi, I appreciate that this question maybe basic but I want to validate my understanding of SNATS. Background : we don't want to change our servers regular default gateway to the F5 as we do not ...

application delivery

availability

BIG-IP Access Policy Manager (APM)

Cirrus

May 15, 2015

Pete is correct that SNAT Automap is the quickest and easiest. However, I don't use it because it makes troubleshooting via tcpdump difficult. If you use Automap, both the user traffic and the monitor keep-alive traffic will come from the self IP address of the egress VLAN. That makes it hard to differentiate between the two.

So I do something similar to what Craigus suggested. I create a SNAT Pool with an entry that is the same as the VS IP address. That way if I am using tcpdump I can filter with the ip address of the VS, either on the ingress interface to capture client side traffic or the egress interface for server side traffic. Of course if ingress and egress traffic is on the same interface, I can see both on a single tcpdump capture.

But if you don't plan to use tcpdump, SNAT automap is an quick and effective way to do it.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)