Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Nicolas_ROMERO_'s avatar
Nicolas_ROMERO_
Icon for Nimbostratus rankNimbostratus
Dec 30, 2015

iRule SNAT for multiple ISP

Hi,   I tried to configure an iRule to SNAT specific LAN to a specific ISP (wan link). When I bind this iRule to my default VS (in fastL4) the iRule doesn't match when I generate traffic from my l...
application delivery
irules
isp
LTM
snat
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Dec 31, 2015

Hi Nicolas,

as Vernon already said the code as is looks fine and some debug line would definately help to troubleshoot the problem.

Also keep in mind that possible route domain sufixes may break the functionality of [IP::addr]. You may have to strip these %id suffixes before comparing the client ip.

 

when CLIENT_ACCEPTED { 
    set cli_ip [substr [IP::client_addr] 0 "%"] 
    if { ( [IP::addr $cli_ip equals X.X.X.X/26] ) or 
         ( [IP::addr $cli_ip equals Y.Y.Y.Y/26] ) } then {
        snat Z.Z.Z.Z pool default_gw_pool 
    } else {
        snatpool snat_pool-CLD_ALL 
        pool default_gw_pool 
    } 
}

 

Cheers, Kai