Forum Discussion

Nimbostratus

Oct 08, 2014

External to External SNAT

I have a situation where an existing f5 has to subnets attached as external. In this one case, we need to SNAT between the two external networks. Is this possible?

application delivery

BIG-IP Access Policy Manager (APM)

Nimbostratus

Oct 08, 2014

hello,

my guess would be something like this below that uses data groups to define what the client ip would match in order to be snat'd. my example below says use snat default would be an ending like snat automap, but the rule below has snat none.

when CLIENT_ACCEPTED {
log local0. "[IP::client_addr]:[TCP::client_port]: New connection to [IP::local_addr]:[TCP::local_port]"
if {[matchclass [IP::client_addr] equals EXTERNAL_SUBNET]}{
   log local0. "[IP::client_addr]:[TCP::client_port]: Matched EXTERNAL SUBNET"
  snat X.X.X.X
 } else {
   log local0. "[IP::client_addr]:[TCP::client_port]: No match, using default snat"
  snat none  
}

}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)