Forum Discussion

MarkMackie_5812
Feb 27, 2012

Changing outgoing SNAT based on requesting IP

Right now I have the following:

Any UDP 500 requests get snatted to, let's say, 10.10.12.1 (public IP), so any UDP 500 traffic goes out as an IP I want the request to come back on.

I have another VS that listens on that IP 10.10.12.1 and forwards it to the firewall behind it.

The problem I am having is that using a VPN client from the inside isn't working, because I think it gets sent to the firewall and not to the requesting computer on the inside. What I would like to do is:

If the UDP 500 request is coming from the internal subnet of 192.168.1.0/24, then SNAT it to 11.11.11.1.

How can I do that with an iRule?

 

1 Reply

  • Hoolio answered a similar post on iRules and SNAT'ing; perhaps it will get you going in the right direction:

    https://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/aft/61990/showtab/groupforums/Default.aspx

    when CLIENT_ACCEPTED {
        # Check if client is in 192.168.1.0/24 subnet
        if { [IP::addr [IP::client_addr] equals 192.168.1.0/24] } {
            # Use the snatpool
            snatpool snatpool_11.11.11.1
        }
    }