For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

dichotomouse's avatar
dichotomouse
Icon for Nimbostratus rankNimbostratus
Mar 05, 2018

Does anyone know why a NAT can't share a public IP address with a VS?

I've read and heard this is is not allowed but, it is possible to save such a config and I haven't seen any problems with the servers that I have done it on. The reason I have used it is: we need some mail servers to have the same public IP outbound and inbound.

 

However, our WAN connection is in a separate partition/route domain from our VS'. It seems that a SNAT simply won't work across route domains for some reason so I used a NAT temporarily.

 

application delivery
BIG-IP
LTM

1 Reply

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Mar 05, 2018

    I think that is a viable solution to have a NAT address and VIP address the same. Note that inbound traffic will prefer the VIP (see Order of Preference

     

    A NAT is an inbound and outbound listener. A SNAT is an outbound listener and can't receive traffic on the translation address, hence why it's called Secure NAT.

     

    Hope this makes sense.

     

    N