F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Angel_389033's avatar
Angel_389033
Icon for Nimbostratus rankNimbostratus
Apr 22, 2019

How to choose ip from snat pools

Hi experets,   I am new to this F5. I have created a SNAT pool and a SNAT list and my question is how does this work for translating the address? For example, a new connection to destination IP a...
application delivery
LTM
youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
Apr 23, 2019

Hi,

take the simple case. you have no cluster but only one member (so no floating IP but only an self IP).

On your VS you cans set snat Automap or snat pool (if you have configured one).

  • Snat Automap:

this allow to nat the source IP address of the user with the selfIP (from the egress). the output vlan depends on the routes you have configured.

so to summarize the function "Snat Automap" allows to NAT the source IP of the user but not the IP destination.

  • Snat Pool:

The "Snat Pool" is identical to the automap. the difference is that you can set multiple IP addresses (this is useful when you have more than 65000 user connection and you exceed the number of connections supported by IP...).

Below point that interest you:

When using a SNAT pool with IP addresses from the egress VLAN (the VLAN for which the packet exits in the BIG-IP system) and non-egress VLAN networks, the egress VLAN network address is given higher priority. For example, egress VLAN external has a self IP of 172.16.0.254/24, and SNAT pool member addresses of 172.16.0.1/24 and 10.1.1.1/24. The BIG-IP system prefers the egress VLAN SNAT pool member address 172.16.0.1, and will continue to use the same address until it becomes unavailable.

For more info: https://support.f5.com/csp/article/K7820

You can also use an Irule depending your destination address in order to select the right SNAT POOL IP.