F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

dichotomouse's avatar
dichotomouse
Icon for Nimbostratus rankNimbostratus
Mar 05, 2018

Does anyone know why a NAT can't share a public IP address with a VS?

I've read and heard this is is not allowed but, it is possible to save such a config and I haven't seen any problems with the servers that I have done it on. The reason I have used it is: we need some mail servers to have the same public IP outbound and inbound.

 

However, our WAN connection is in a separate partition/route domain from our VS'. It seems that a SNAT simply won't work across route domains for some reason so I used a NAT temporarily.

 

application delivery
BIG-IP
LTM

1 Reply

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Mar 05, 2018

    I think that is a viable solution to have a NAT address and VIP address the same. Note that inbound traffic will prefer the VIP (see Order of Preference

     

    A NAT is an inbound and outbound listener. A SNAT is an outbound listener and can't receive traffic on the translation address, hence why it's called Secure NAT.

     

    Hope this makes sense.

     

    N