Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Carlos_Dias_320's avatar
Carlos_Dias_320
Icon for Nimbostratus rankNimbostratus
Aug 02, 2017

How to perform NAT only when Server is acessing it VS

Hi,   I have a need to configure a Big-IP LTM in order that the real servers can also contact its Virtual Server, but have its IP NATed for this comunnication. This Servers also need to contact ot...
application delivery
big-ip
LTM
Ed_Summers's avatar
Ed_Summers
Icon for Nimbostratus rankNimbostratus
Aug 02, 2017

Since you don't want to SNAT the servers when they're accessing other objects through the BIG-IP, one solution would be to apply an iRule to your Virtual Server that performs the SNAT. The below assumes you have created a data group called 'the_servers' that contains IP addresses of the servers to which you wish to apply SNAT. Create and populate the data group, create the iRule, and apply the iRule to your VS.

when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] equals the_servers] } {
        snat automap
    }
}

I used automap as an example, but if you have a specific SNAT address you can use that as well.

References:

SNAT article

Snatpool article - in case you need a snatpool instead of SNAT