Forum Discussion

thananchai_pany's avatar
Icon for Nimbostratus rankNimbostratus
Mar 07, 2012

How to use iRule to create SNAT based on destination ip address

I'm use BIG-IP F5 Version: 11.1.0 (Build 1943.0)




I'm trying to configure outbound SNAT based on destination address.




I have three vlan on my f5.


For example, my vlan is public, front-end and back-end vlan.




I want to initiate outbound communication from front-end vlan to internet on public vlan.


I found I can use SNAT for it. And it work very well.




So if I initiate communication from front-end to back-end vlan. It use SNAT too.


But I don't want to use SNAT when communication from front-end to back-end vlan.




I'm want to use this iRule for solve this problem. But i don't know if this is the correct way to do it.







if { [class match [IP::server_addr] equals private_net]} {




} else {


snat 40.x.x.40











Anyone could suggest some example iRules?


2 Replies

  • Hi Thananchai,


    You will need to use [IP::local_addr] instead of [IP::server_addr]. This is because [IP::server_addr] is used when the server side connection is already established. This is not established on the CLIENT_ACCEPTED event.




    I hope this helps,