Forum Discussion

tranchungdt5_93's avatar
tranchungdt5_93
Icon for Nimbostratus rankNimbostratus
Jun 08, 2009

LinkController without SNAT ?

Hi all.

 

I have a box BIG-IP LTM (with license both of LTM & LinkController ).

 

I have 2 ADSL as:

 

---------------- ------------------

 

- 203.162.0.x - - 210.245.0.y -

 

---------------- ------------------

 

| |

 

| |

 

| |

 

---------------------------------------------------

 

- 203.162.0.1 210.245.0.1 -

 

- F5 LTM -

 

- 172.16.1.x

 

---------------------------------------------------

 

|

 

ASA 5550

 

|

 

|

 

Clients

 

-------------------------------------------------

 

I have Vir 203.162.0.10 & Vir 210.245.0.10 for Inbound with SNAT. (Pool is server 's ip ASA). SNAT make BIG-IP choose correct gate-way to go out.

 

And the IP forwarding for ASA to outbound.

 

Default-gateway of BIG-IP is pool (203.162.0.1; 210.245.0.1) .

 

But I wonder that, SNAT make Sever can't collection information about Internet User (ip address).

 

1. Can I config LTM without SNAT in this situation ?

 

2. I need config LinkController for VPN site to site from Cisco Router800 (in Internet) to ASA5550. I wonder SNAT make ASA not understand Cisco Router 's ip add and can't make tunnel VPN.

 

Any body have the same problem?

 

Plz, help me.

 

Chung Tran
  • You can enable SNAT on the outbound virtual server and not enable SNAT on the inbound virtual server(s) which load balance requests from the external VLAN to the server(s).

     

     

    Aaron
  • You could enable SNAT (using automap or a SNAT pool) on the virtual server which allows access from the internal VLAN to the internet and not enable SNAT on the virtual server(s) which allow external clients to access your site(s).

     

     

    Aaron