iSNAT based on destination address?

Question

Hello Everyone,&nbsp;
&nbsp;we have req.to use iSANT where only selected traffic flows need to be SANTed. We are trying to use "destination IP" as a selection critera? -
&nbsp;example: We only need to SANT the traffic from source IP addresss (x.x.x.1, x.x.x2) to destination y.y.y.1 but all other traffic from the sources (x.x.x.1, x.x.x2) should be left unchnaged.&nbsp;
&nbsp;I wanted to how we can achieve it and if anybody has used it
&nbsp;how efficiant (performance wise) it is using in production network where about 25M internet/intranet traffic passing thru the F5?

kykong_107132 · Answer

Hi,&nbsp;
&nbsp;I have come out a sample irule, hope it work in your environment. basically, you need to create a data group name it as clientIP with all the client IP address as the member. then in your irule, you use matchclass commmand to match the clientip address. happy trying.&nbsp;
&nbsp;class clientIP {
&nbsp;  x.x.x.1
&nbsp;  x.x.x.2
&nbsp;}&nbsp;
&nbsp;when CLIENT_ACCEPTED {
&nbsp;  if { [matchclass[IP::client_addr] eq $::clientIP] and [IP:addr [IP::local_addr] eq y.y.y.1]} {
&nbsp;    snat z.z.z.1
&nbsp;  } else {
&nbsp;    gateway_pool
&nbsp;  }
&nbsp;}

Forum Discussion

iSNAT based on destination address?

1 Reply

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

rSeries Management route

About DNS irule TCL error

UCS restore via REST with additional options

[APM] - How to clear the cached certificate for specific url

Universal Persistence w. AS3 vs. SCF - the same but not the same

Related Content

Destination address at F5

CSV to Address External Datagroup File

Block destination IP by source IP

DESTINATION HOST UNREACHABLE

Decoding the IPv4 address from the persistence cookie

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS