F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Hamish's avatar
Hamish
Icon for Cirrocumulus rankCirrocumulus
Jul 31, 2008

Forming a 'tunnel' between F5 pairs...

  I have an idea... Well... It's a possible solution for an interesting challenge I have.     Is it possible for an iRule to ALTER an IP field (e.g. srcIP/port) in a packet before tra...
application delivery
dev
devops
iRules
Nat_Thirasuttakorn's avatar
Nat_Thirasuttakorn
Icon for Employee rankEmployee
Jul 31, 2008
For TCP, you can do this with something like this....

 

On client side vip

 

- snat to LTM address

 

- point to pool which contains remote side LTM vip as a member (or use node command)

 

- iRule to insert src/dst IP/port at beginning of TCP payload

 

- serverside ssl

 

 

On server side vip

 

- clientside ssl

 

- irule to extract original src/dst IP/port and remove it from beginning of TCP payload

 

- use src IP/port information from previous step with snat command, use dst IP/port with node command

 

 

For UDP, you probably can do as well but without ssl. (other encryption may work)