Forum Discussion

chris_16019's avatar
chris_16019
Icon for Nimbostratus rankNimbostratus
Dec 01, 2008

iRule & SNAT

Hi - I was hoping someone may be able to offer some assistance or point me at a URL that will help with some configuration work that is required.     Background - I have a backend server th...
application delivery
dev
devops
iRules
naladar_65658's avatar
naladar_65658
Icon for Altostratus rankAltostratus
Dec 02, 2008
I am far from being an expert on such things... that being said. You might try just turning on some logging and then throw some traffic at it. That way you can see if it is even being executed.

 

 

when CLIENT_ACCEPTED {

 

log local0. "[IP::local_addr]:[TCP::local_port]: Client Accepted"

 

if { [IP::addr [IP::local_addr] equals "A.A.A.A"] } {

 

log local0. "[IP::local_addr]:[TCP::local_port]: Using the A.A.A.A SNAT"

 

use snat Z.Z.Z.Z

 

} elsif { [IP::addr [IP::local_addr] equals "B.B.B.B"] } {

 

log local0. "[IP::local_addr]:[TCP::local_port]: Using the B.B.B.B SNAT"

 

use snat Y.Y.Y.Y

 

} else {

 

log local0. "[IP::local_addr]:[TCP::local_port]: Using the Default X.X.X.X SNAT"

 

use snat X.X.X.X

 

}

 

 

 

Also, I do not believe it is possible to use the f5 to modify/change or even read traffic going over SSL when the f5 is not holding the SSL keys. So if your offloading all the SSL stuff to a different device I believe you are limited in what you can do with that traffic.