For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Billy_Tolcher_1's avatar
Billy_Tolcher_1
Icon for Nimbostratus rankNimbostratus
Oct 17, 2005

isnat configuration - versiion 4.5

please assist -     ===============   I have found a lot of information on isnat configurations with 9.0, but there isn't much mention of 4.5 rules anymore.   ===============     ...
application delivery
dev
devops
iRules
v4
Martin_Machacek's avatar
Martin_Machacek
Historic F5 Account
Oct 17, 2005
Billy,

first let me better understand you requirements. They seem to be little bit contradictory (at least to me :-)). In the beginning you describe pretty standard VIP bounce-back configuration, but later (in your desired rule example) you show a selective SNAT based on content of HTTP URI. Do you really need the SNAT to be triggered based on the presence of "server=1" in the URI, or is it enough to trigger it based on VLAN and source address (which is enough for the bounce-back to work)?

For the standard bounce you can use following configuration:


snat map {  to  vlans vlan1 vlan3 disable }
snat  netmask

If you really need to tie the SNAT to the rule, you can use (as unRuleY called it) YASF (Yet Another Stealth Feature) called snatpool. Your configuration may look like this:


snatpool snat_on_vlan2 {
  member 1.2.3.4
}
if (http_uri contains "server=1") {
  use pool 1_pool
  use snatpool snat_on_vlan2
}
else if (http_uri contains "server=2") {
  use pool 2_pool
}
else if (http_uri contains "server=3") {
  use pool 3_pool
}
else {
  use pool hr_pool
}

The configuration system will automagically add following statement to your config:


snat translation 1.2.3.4

Please, keep in mind that snatpools are stealth, undocumented and hence also unsupported feature in v4.x.