Forum Discussion

Cirrocumulus

Jul 31, 2008

Forming a 'tunnel' between F5 pairs...

I have an idea... Well... It's a possible solution for an interesting challenge I have. Is it possible for an iRule to ALTER an IP field (e.g. srcIP/port) in a packet before tra...

Employee

Jul 31, 2008

For TCP, you can do this with something like this....

On client side vip

- snat to LTM address

- point to pool which contains remote side LTM vip as a member (or use node command)

- iRule to insert src/dst IP/port at beginning of TCP payload

- serverside ssl

On server side vip

- clientside ssl

- irule to extract original src/dst IP/port and remove it from beginning of TCP payload

- use src IP/port information from previous step with snat command, use dst IP/port with node command

For UDP, you probably can do as well but without ssl. (other encryption may work)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Forming a 'tunnel' between F5 pairs...

Tyler - May 2026 Featured Member

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

Recent Discussions

F5 Send email and snmp trap from LTM log event

shame on f5

Dynamic import of data groups

ASM allow specific url from outside country of geolocation ON

AWAF Detection Inconsistency Between Similar Test Payloads

Related Content

GRE Tunnel Issue

SSL VPN Split Tunneling and Office 365

DNS Tunnel Mitigation v2

Form Based SSO for Dynamically built HTTP forms

DNS Tunneling Protection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS