For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

meena_60183's avatar
meena_60183
Icon for Nimbostratus rankNimbostratus
Jun 20, 2008

clarification on SNAT and automap

Hi All,     I thought I understood SNAT very well but now I am really confused about SNAT and automap. I wish SNAT is called client NAT and Server NAT depending on which address gets NATed....
config
design
Micros_88999's avatar
Micros_88999
Icon for Nimbostratus rankNimbostratus
Aug 30, 2009
Hi Aaron,

 

 

Scenario is: Inet -> Cisco ASA (NAT) -> BigIP -> DMZ web servers (Physical + VMs) -> Switch -> MPLS Router.

 

 

The def. gw for the app servers (those who are pool members) is not the BigIP as we do not want to mess around with routing: we send them towards the Core switch (internal access) and ultimately towards the MPLS router.

 

 

All VSs for the DMZ servers have SNAT enabled but for some applications we`d need to have visible source IPs not the floating IP. Currently, if SNAT automap is disabled: the app servers can not be reached from outside.

 

 

I might need to check on that scenario up there, but 90% sure now. My understanding was: if I create a SNAT pool with the source IPs: the BigIP will perform SNAT but will keep the `real` IPs for the application visible? Am I totally wrong there?

 

 

Cheers:

 

 

Andy