Forum Discussion
domokos_23867
Nimbostratus
NimbostratusBIGIP LTM - Outbound DESTINATION NAT
Hello,
I have the following constraints. The customer has an instance in AWS. We have an IPSEC Tunnel between the F5 in the data center and AWS. The subnet used in AWS for various reasons cannot be routed inside our DC network. So for traffic initiated from AWS I have a forwarding VS that does SNAT and the routing layer between the F5 and the server has no issues as the SNAT IP is an IP on a internal subnet (say 1.0.0.1). However if the servers in the DC need to initiate the connection to servers outside, the only solution I can think of is using destination NAT. So the internal server (10.0.0.1) will send traffic to 1.0.0.2 and the F5 would need to NAT that destination to the real IP (say 192.168.1.2). 1to1 NAT is possible on the F5 but it always assumes a source IP being NATed not a destination IP. Any ideas how I can have the destination NAT done?
Thank you Carol
PeteWhiteEmployee
You can use a Layer 4 virtual server instead. ie a VS with the internal network IP of the AWS server ( 10.0.0.2 ), the pool member as the actual IP of the AWS server and use the SNAT to change the source address as well. You can set loose init and loose close on the fastL4 profile to make it act like a router.
The problem is that you are doing forwarding on your VS, where the destination address is not changed.
domokos_23867Thank you. I tried it and it seems to work fine.
- PeteWhite
You can use a Layer 4 virtual server instead. ie a VS with the internal network IP of the AWS server ( 10.0.0.2 ), the pool member as the actual IP of the AWS server and use the SNAT to change the source address as well. You can set loose init and loose close on the fastL4 profile to make it act like a router.
The problem is that you are doing forwarding on your VS, where the destination address is not changed.