
Mohanad
Jul 30, 2019
Solved

iRule for Conditional SNAT

I need to configure an iRule for Conditional SNAT: when (10.10.10.1 & 10.10.10.2) connect to the VS, the SNAT will be 10.214.214.148, and for the rest of the clients the SNAT will be 10.214.214.147 current setup...
  • cjunior
    Jul 30, 2019

    Hi,

    Do you really need the SNAT pool, or do you just need to define an IP address to SNAT in the iRule?

    e.g.

    # Classic syntax
    when CLIENT_ACCEPTED {
        if { [IP::client_addr] eq "10.10.10.1" || [IP::client_addr] eq "10.10.10.2" } {
            snat 10.214.214.148
        } else {
            snat 10.214.214.147
        }
    }
     
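    # Short way
    # Exact list lookup: "contains" is a substring test, so it would also match
    # any client address whose text is merely part of the list string.
    when CLIENT_ACCEPTED {
        if { [lsearch -exact {10.10.10.1 10.10.10.2} [IP::client_addr]] >= 0 } {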
            snat 10.214.214.148
        } else {
            snat 10.214.214.147
        }
    }
     
    # Expansive way, increase list when needed
    when CLIENT_ACCEPTED {
        switch [IP::client_addr] {
            10.10.10.1 -
            10.10.10.2 {
                snat 10.214.214.148
            }
            default {
                snat 10.214.214.147
            }
        }
    }

    You must change the line from "snat <IP ADDR>" to "snatpool <POOLNAME>" if you need to use a SNAT pool.

    I hope it helps.
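
An added example, not part of cjunior's answer: the same decision driven by an address-type data group, so hosts or whole subnets can be added without editing the iRule and every comparison is an address match rather than a string match. The data group name `snat_148_clients` and the `static::snat_debug` switch are assumptions; the data group must be created on the BIG-IP beforehand as an Address-type data group containing 10.10.10.1 and 10.10.10.2.

```tcl
when RULE_INIT {
    # Hypothetical debug switch: set to 1 to log each SNAT decision
    # while validating the rule, then set back to 0.
    set static::snat_debug 0
}

when CLIENT_ACCEPTED {
    # snat_148_clients is an assumed Address-type data group.
    # "class match ... equals" on an address data group compares IP
    # addresses (host or network entries), not text, so only clients
    # inside a listed entry get the special translation address.
    if { [class match [IP::client_addr] equals snat_148_clients] } {
        set snat_addr 10.214.214.148
    } else {
        # Every other client falls through to the default address.
        set snat_addr 10.214.214.147
    }

    snat $snat_addr

    if { $static::snat_debug } {
        log local0. "client [IP::client_addr] -> SNAT $snat_addr"
    }
}
```

As in the answer above, replace `snat $snat_addr` with a `snatpool <POOLNAME>` call in each branch if SNAT pools are required.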