Change outgoing NAT

Question

Hi,&nbsp;&nbsp;Looking for the irule that can change the outgoing IP address based on destination, I've seen it but can't find it anymore. &nbsp;&nbsp;&nbsp;Background: We have multiple local subnets which we use currently use for outgoing connections. We need to migrate this to an F5 LC but can't use the standard (S)NAT. Later this will be moved to BGP to allow us to provide only one entry to vendors as our originating address.&nbsp;&nbsp;&nbsp;Thanks for any help.&nbsp;&nbsp;&nbsp;

nitass · Answer

is it something like this? 
  
 when CLIENT_ACCEPTED {
   if { [class match -- [IP::local_addr] equals dest1_dg] } {
      snat 1.1.1.1
   } elseif { [class match -- [IP::local_addr] equals dest2_dg] } {
      snat 2.2.2.2
   } else {
      snat 3.3.3.3
   }
}

renevdb_80118 · Answer

Thanks, yes that looks like what we are trying. Would it be possible to create pools for the sets1_dg and dest2_dg?

hoolio · Answer

Yes, you could assign a specific pool in each clause.

when CLIENT_ACCEPTED {
   if { [class match -- [IP::local_addr] equals dest1_dg] } {
      snat 1.1.1.1
      pool pool_a
   } elseif { [class match -- [IP::local_addr] equals dest2_dg] } {
      snat 2.2.2.2
      pool pool_b
   } else {
      snat 3.3.3.3
      pool pool_c
   }
}

Aaron

renevdb_80118 · Answer

Will something like this work? 
&nbsp;  
&nbsp; when CLIENT_ACCEPTED { 
&nbsp;    if { [class match -- [IP::local_addr] equals pool pool_a] } { 
&nbsp;       snat 1.1.1.1 
&nbsp;    } elseif { [class match -- [IP::local_addr] equals pool pool_b] } { 
&nbsp;       snat 2.2.2.2 
&nbsp;    } else { 
&nbsp;       snat 3.3.3.3 
&nbsp;    } 
&nbsp; }

nitass · Answer

dest1_dg and dest2_dg are data group containing destination ip address. why do you want to use pool (in class match) instead??

Forum Discussion

Change outgoing NAT

7 Replies

SSO Login Update Coming to DevCentral

Kevin - June 2026 Featured F5er

Tyler - May 2026 Featured Member

Recent Discussions

ASM attack signatures not syncing between active and standby F5

Hardware BIG-IP appliance reach EOSS, but the software version running on it not yet?

VPN Communication Error with F5 BIG-IP Edge Client

simultaneous disabling / enabling of all LTM objects

Query on source IP preservation for syslog traffic through F5 virtual server

Related Content

BIG-IP AFM設定例-NAT

Bulk Nat Creation

Audit WAF changes

F5 Per-App AS3 Part 2 How to see if there are manual changes!

NAT for specific IPs