F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Todd_93078's avatar
Todd_93078
Icon for Nimbostratus rankNimbostratus
Oct 22, 2012

iRule for 1-to-1 NAT

I have two ISP connections (ISP 1 and ISP 2) setup in a wildcard outbound VC called Internet. Creative I know. I also have a single NAT setup for a Polycom Teleconference unit. I used a NAT to keep it on ISP1 only for inbound traffic reasons (better bandwidth). The problem is that randomly the polycom does not work. After testing we found that the outbound traffic is still load balancing (ie going out the wrong connection sometimes), so when traffic leaves through ISP 2, video stops working.

 

NAT inside 10.10.7.3 to outside 123.123.123.111

 

Tech support recommended an iRule but I can't seem to get this to work. So, I have the following rule added to the Internet VC:

 

 

when CLIENT_ACCEPTED {

 

if { [IP::addr [IP::client_addr] equals 10.10.7.3 ] }{

 

snat 123.123.123.111

 

pool ISP1-Only

 

}

 

}

 

 

*(ISP1-only pool only has the ISP1 gateway in it.)

 

 

Any ideas on what is going wrong?

 

 

Thanks,

 

Todd

 

application delivery
dev
devops
iRules

11 Replies

Show More
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Nov 08, 2012
    So the outbound and inbound are through the same VS? And the inbound is initiated from 'outside' (i.e. it starts the TCP/IP three way handshake).

     

     

    Could you not SNAT all the 10.10 addresses to a single SNAT IP, your rule would be much shorter as you could use a switch statement.

     

     

    I still have a feeling I don't quite understand the traffic flow!