Forum Discussion
Conditional SNAT for outbound traffic
Hello,
We have a cluster of web servers serving multiple VIPs, which occasionally need to make outbound requests to the Internet. For this purpose we use a SNAT over an external IP on the BigIP. We now have a case where these same web servers (on 10.2.x.x net) need to make requests to a different segment (10.20.x.x) on our internal network. The servers have their default routes pointing to the BigIP, and we do not wish to add a route to the destination network (10.20.x.x) on all the web servers. I added the 10.20.x.x route to the BigIP, but the SNAT overrides this so the requests go out through the external IP and therefore cannot get to the 10.20.x.x net.
Is there a way to make a SNAT dependent on the destination network? Or perhaps a better way to do this?
Thanks, Funkdaddy
3 Replies
- nathe
Cirrocumulus
How about a forwarding IP VS to the 10.20.x.x network and then use SNAT automap on this VS to return traffic back to the bigip? Depending on version, you can restrict this further and configure the Source too on the VS to be the web servers on the 10.2.x.x LAN.
Hope that would work.
N
- funkdaddy_31014
Nimbostratus
N,
Thanks for your response - I was wondering if IP Forwarding was the solution. So, basically leave my existing (external) SNAT as-is, and just add an IP Fwding VS for the 10.20.x.x network, correct?
Curious, why is SNAT Automap necessary in this scenario?
Thanks, Funkdaddy
- nathe
Cirrocumulus
Yes. SNAT automap is only required if the 10.20.x.x servers have a default gw other than the bigip. Might not be required.
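
The approach discussed in this thread, as an added tmsh example that neither participant posted: a forwarding (IP) virtual server for the internal destination, limited to the web servers as source and to their VLAN so it forwards nothing else. The /16 masks, the virtual server name `vs_fwd_to_10_20` and the VLAN name `vlan_web` are assumptions; substitute the real values.

```tmsh
# Added example; names and masks are assumptions, not values from the thread.
# destination/mask : internal segment the web servers must reach (assumed /16)
# source           : only the web server LAN may use this listener (assumed /16)
# ip-forward       : route the packet using the BIG-IP routing table, no pool
# automap          : translate the source to a BIG-IP self IP on the egress VLAN
# vlans-enabled    : accept this traffic only on the listed VLAN
create ltm virtual vs_fwd_to_10_20 {
    destination 10.20.0.0:any
    mask 255.255.0.0
    source 10.2.0.0/16
    ip-forward
    ip-protocol any
    profiles add { fastL4 }
    source-address-translation { type automap }
    vlans add { vlan_web }
    vlans-enabled
}

# Confirm the listener and its translation setting.
list ltm virtual vs_fwd_to_10_20
```

The existing external SNAT stays as it is for Internet-bound traffic. If the 10.20.x.x hosts already route back through the BIG-IP, `source-address-translation { type none }` can be used instead, which also keeps the real client addresses visible in the destination servers' logs.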