NimbostratusCGNAT and IP forwarding Simultaneously for exception flows
I have scenario according to the diagram using VIPRIOM 2400 platform as CGNAT solution. I'm using CGNAT for translating our clients(SRC: 100.64.0.0/10) for Internet access. In our regular scenario F5 box translate client address for both Internet access and our internal servers. Now we have a situation where we need our clients connected to an internal web-server(172.16.1.1) with their actual IP address(100.64.0.0/10)). for this purpose I created two 'IP forwarding' matching web-server IP address in each direction. the point is I've Created CGNAT virtual server for Internet access and LTM Virtual server for matching traffic to/from local web server.
Clients Internet access which works without any problem. but It seems web-server virtual server doesn't match with any traffic.
ltm virtual CGNAT-BRAS--ACCESS-01 {
description CGNAT-BRAS--ACCESS-01
destination 0.0.0.0%101:any
mask any
profiles {
CGNAT-L4 { }
}
source 100.64.0.0%101/10
source-address-translation {
pool CGNAT-ACCESS-01
type lsn
}
translate-address disabled
translate-port disabled
vlans {
VLAN-40
}
vlans-enabled
vs-index 26
}
ltm profile fastl4 CGNAT-L4 {
app-service none
defaults-from fastL4
loose-close enabled
loose-initialization enabled
reassemble-fragments enabled
reset-on-timeout disabled
}
ltm virtual local-web-forwarding-client-side {
destination 172.16.1.1%101:any
l2-forward
mask 255.255.255.255
profiles {
Forwarding_VS { }
}
source 100.64.0.0%101/10
translate-address enabled
translate-port disabled
vlans {
VLAN-40
}
vlans-enabled
vs-index 46
}
ltm virtual local-web-forwarding-network-side {
destination 100.64.0.0%101:any
ip-forward
mask 255.192.0.0
profiles {
Forwarding_VS { }
}
source 172.16.1.1%101/32
translate-address disabled
translate-port disabled
vlans {
VLAN-41
}
vlans-enabled
vs-index 47
}
ltm profile fastl4 Forwarding_VS {
app-service none
defaults-from fastL4
idle-timeout 300
loose-initialization enabled
reset-on-timeout disabled
}