Forum Discussion
iRule for Conditional SNAT not working
Need help. iRule to perform source NAT based on source IP is not working. Requirement is "not to NAT" when source IP is from 172.21.10.0/24 and NAT for everything else. Even when I source it from the IP subnet 172.21.10.0/24 it still ends up getting source NAT'd.
Here is my iRule. Appreciate any help.
    when LB_SELECTED {
        if {[IP::addr [IP::client_addr] equals 172.21.10.0/24]} {
            forward
        } else {
            snatpool SNAT-NATPOOLX
        }
    }
I also tried a longer one as well, but still the same result.
    when LB_SELECTED {
        if {[IP::addr [IP::client_addr] equals 172.21.10.0/24] and [IP::addr [LB::server addr] equals 172.21.30.48]} {
            forward
        } else {
            snatpool SNAT-NATPOOLX
        }
    }
I also tried matchclass with Datagroup for the client address but still the same result.
    when LB_SELECTED {
        # Check if client IP is in the client_class
        if { [matchclass [IP::client_addr] equals $::nat-exempt-srvrs]}{
            # ENABLE source NAT. This overrides SNAT on the VIP or a default SNAT
            snat none
            forward
        } else {
            # DISABLE source NAT. This overrides SNAT on the VIP or a default SNAT.
            snatpool SNAT-NATPOOLX
        }
    }
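The stated requirement written with an explicit `snat none` for the exempt subnet and a log line per branch, as an added example that is not part of the original post. It assumes SNAT is configured on the virtual server (so exempt clients must have it switched off per connection) and that the pool member is selected normally rather than with `forward`; the subnet and SNAT pool name are the ones from the post.

```tcl
# Added example, not the poster's code.
# Assumption: SNAT is enabled on the virtual server, so the exempt branch
# has to disable it explicitly for the connection.
when LB_SELECTED {
    if { [IP::addr [IP::client_addr] equals 172.21.10.0/24] } {
        # Exempt subnet: keep the original client source address.
        snat none
        log local0. "SNAT exempt: client [IP::client_addr] -> [LB::server addr]"
    } else {
        # Everything else: translate the source using the SNAT pool from the post.
        snatpool SNAT-NATPOOLX
        log local0. "SNAT via SNAT-NATPOOLX: client [IP::client_addr] -> [LB::server addr]"
    }
}
```

The log entries in `/var/log/ltm` show which branch each connection took and whether the iRule fired at all on this virtual server; remove the `log` lines once the behaviour is confirmed.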