Forum Discussion
CirrusLocal traffic Policy, SNAT action
Hi Guys,
Did anyone use Local traffic policy for applying SNAT to just one user? I can see in the action "SNAT", but at the match conditions I couldn't find source address, in TCP.
12 Replies
- nitass
Employee
but at the match conditions I couldn't find source address, in TCP.
no parameter means source address.
e.g.
root@(ve11c)(cfg-sync Disconnected)(Active)(/Common)(tmos) list ltm policy cpm1 ltm policy cpm1 { controls { forwarding } requires { tcp http } rules { rule1 { actions { 0 { forward select snat automap } } conditions { 0 { tcp address matches values { 172.28.24.0/24 } } } ordinal 1 } } strategy first-match }
refra_151287thanks nitass, but as per the below screenshot, I can't see address either, do I miss something? https://www.dropbox.com/s/e91wrzlzje9m873/nitass.PNG?dl=0
andrew_C1Nimbostratus
Hi, just wanted to say thax for this, This post is the only place i have been able to find how to use a Policy based off client ip address! The non existent documentation around policies is terrible. From my perspective i would rather uses a Policy if a can rather then an irule, so when i leave a customer i leave them with something that doesn't require an understanding of TCL and F5 specific functions/operators. thax nitass, in conditions, operand = tcp event = request parameters = LEAVE IT BLANK condition= matches values = IP and Prefix- andrew_C1Also i would up vote but i am to much of a peasant to be allowed (rep score to low)
nitass_89166Noctilucent
but at the match conditions I couldn't find source address, in TCP.
no parameter means source address.
e.g.
root@(ve11c)(cfg-sync Disconnected)(Active)(/Common)(tmos) list ltm policy cpm1 ltm policy cpm1 { controls { forwarding } requires { tcp http } rules { rule1 { actions { 0 { forward select snat automap } } conditions { 0 { tcp address matches values { 172.28.24.0/24 } } } ordinal 1 } } strategy first-match }- refra_151287thanks nitass, but as per the below screenshot, I can't see address either, do I miss something? https://www.dropbox.com/s/e91wrzlzje9m873/nitass.PNG?dl=0
- andrew_C1Hi, just wanted to say thax for this, This post is the only place i have been able to find how to use a Policy based off client ip address! The non existent documentation around policies is terrible. From my perspective i would rather uses a Policy if a can rather then an irule, so when i leave a customer i leave them with something that doesn't require an understanding of TCL and F5 specific functions/operators. thax nitass, in conditions, operand = tcp event = request parameters = LEAVE IT BLANK condition= matches values = IP and Prefix
- andrew_C1Also i would up vote but i am to much of a peasant to be allowed (rep score to low)
- nitass
but as per the below screenshot, I can't see address either, do I miss something?
what version are you using? it is added in 11.6.0.
ID409418 - CPM needs IP address/subnet matching
- refra_15128711.5.1 HF8
- nitass_89166
but as per the below screenshot, I can't see address either, do I miss something?
what version are you using? it is added in 11.6.0.
ID409418 - CPM needs IP address/subnet matching
- refra_15128711.5.1 HF8
