changing outgiong SNAT based on Requesting IP

Question

Right now I have the following:&nbsp;&nbsp;Any UDP 500 requests get snatted to let say 10.10.12.1 (public ip) so any UDP 500 traffic goes out as an IP i want the request to come back on.&nbsp;&nbsp;&nbsp;I have another VS that listens on that IP 10.10.12.1 and forwards it to the firewall behind it.&nbsp;&nbsp;&nbsp;The problem I am having is using a VPN client from the inside isn't working because I think it gets sent to the firewall and not to the requesting computer on the inside.  What I would like to do is:&nbsp;&nbsp;&nbsp;If the UDP 500 request is coming from internal subnet of 192.168.1.0/24 then snat it to 11.11.11.1 &nbsp;&nbsp;&nbsp;how can I do that with an irule&nbsp;

naladar_65658 · Answer

Hoolio answered a similar post on iRules and SNAT'ing, perhaps it will get you going in the right direction: 
&nbsp;  
&nbsp; https://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/aft/61990/showtab/groupforums/Default.aspx 
&nbsp;  
&nbsp;  when CLIENT_ACCEPTED {  
&nbsp;    
&nbsp;      Check if client is in 192.168.1.0/24 subnet  
&nbsp;     if {[IP::addr [IP::client_addr] equals 192.168.1.0/24]}{  
&nbsp;    
&nbsp;         Use the snatpool  
&nbsp;        snatpool snatpool_11.11.11.1 
&nbsp;     }  
&nbsp;  }

Forum Discussion

changing outgiong SNAT based on Requesting IP

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

iRules variables in BIG-IP Next: behavior change

Logging DNS Requests

Change admin account

Distributed caching of authentication requests with NGINX Ingress Controller

How can I redirect an HTTP request to a Proxy and change the Destination?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS