Feb 27, 2012

Changing outgoing SNAT based on requesting IP

Right now I have the following:
Any UDP 500 requests get SNATed to, let's say, (public IP), so any UDP 500 traffic goes out as an IP I want the request to come back on.

I have another VS that listens on that IP and forwards it to the firewall behind it.

The problem I am having is that using a VPN client from the inside isn't working, because I think it gets sent to the firewall and not to the requesting computer on the inside. What I would like to do is:

If the UDP 500 request is coming from the internal subnet of then SNAT it to

How can I do that with an iRule?

  • Hoolio answered a similar post on iRules and SNATing; perhaps it will get you going in the right direction:

    when CLIENT_ACCEPTED {
        # Check if the client is in the subnet
        # (the subnet value was left blank in the original reply; <INTERNAL_SUBNET> is a placeholder, e.g. a.b.c.d/nn)
        if { [IP::addr [IP::client_addr] equals <INTERNAL_SUBNET>] } {
            # Use the snatpool
            snatpool snatpool_11.11.11.1
        }
    }
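As an added example (not code from the original post or from Hoolio's reply), the following is the complete iRule that the fragment above points toward: it runs in CLIENT_ACCEPTED, only touches IKE (UDP 500) traffic, and also handles the non-matching case so external clients keep their public SNAT address. The subnet 10.0.0.0/8 and the SNAT pool names snatpool_internal_vpn and snatpool_public are assumptions standing in for the values the question left blank; both pools must exist on the BIG-IP before the iRule is attached to the UDP 500 virtual server.

```tcl
# Added example, not the original poster's or Hoolio's code.
# ASSUMPTIONS: 10.0.0.0/8 stands in for the internal subnet the poster left blank;
# snatpool_internal_vpn and snatpool_public are hypothetical SNAT pool names.
when CLIENT_ACCEPTED {
    # Only IKE needs special handling; anything else keeps the VS default SNAT.
    if { [IP::protocol] != 17 || [UDP::local_port] != 500 } {
        return
    }

    if { [IP::addr [IP::client_addr] equals 10.0.0.0/8] } {
        # Internal VPN client: source-translate to the address whose return
        # traffic is routed back to the inside instead of to the firewall VS.
        snatpool snatpool_internal_vpn
        log local0. "IKE from internal client [IP::client_addr] -> snatpool_internal_vpn"
    } else {
        # Everyone else keeps the public-facing SNAT address.
        snatpool snatpool_public
        log local0. "IKE from [IP::client_addr] -> snatpool_public"
    }
}
```

The protocol and port check matters only if the iRule is attached to a wildcard-port virtual server; on a VS that already listens on UDP 500 only, it is a harmless guard. The two log lines go to /var/log/ltm and are useful while confirming which pool each client lands in; remove them once the behaviour is verified so IKE keepalives do not fill the log.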