How to perform NAT only when Server is acessing it VS

Question

Hi,&nbsp;
I have a need to configure a Big-IP LTM in order that the real servers can also contact its Virtual Server, but have its IP NATed for this comunnication.
This Servers also need to contact other Servers and have to cross the F5 for this comunication without having the IP NATed in this case.&nbsp;
How can we configure this conditional NAT?&nbsp;
Regards&nbsp;

ed_summers · Answer

Since you don't want to SNAT the servers when they're accessing other objects through the BIG-IP, one solution would be to apply an iRule to your Virtual Server that performs the SNAT. The below assumes you have created a data group called 'the_servers' that contains IP addresses of the servers to which you wish to apply SNAT. Create and populate the data group, create the iRule, and apply the iRule to your VS.
when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] equals the_servers] } {
        snat automap
    }
}

I used automap as an example, but if you have a specific SNAT address you can use that as well.
References:
SNAT article
Snatpool article - in case you need a snatpool instead of SNAT

Forum Discussion

How to perform NAT only when Server is acessing it VS

Recent Discussions

Inquiry About the "ast-api-discovery" Repository

SNI Sites not taking correct certificate.

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

Can i apply ddos profile on virtual server using port range

ASM Export JSON - size Limit ?

Related Content

Understanding Performance Metrics and Network Traffic

Performance Logging iRule (Rule_http_log)

Intermediate iRules: Evaluating Performance

Security First, Performance Always: How F5 Drives Citrix VDI Excellence in Application Delivery

Perform out-of-place upgrade of vCMP guests via Ansible

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS