Forum Discussion
Looking for an iRule that will take the same IP from SNAT Pool as that of the source IP.
You can disable or enable SNAT at the network access level in the APM; this will let the user connected through the network access client go to the target network with the IP from the NA lease pool.
Hello Kadimi,
Thank you for your reply. I would have done the same solution if my F5 had a self-IP from all the subnets in my org, and reached out to the backend subnets.
My design is to send all client VPN traffic to a gateway, which is a design provided by F5 in KB K18487629, which provides this by sending all client VPN traffic to a gateway (firewall).
However, this does not happen unless I enable SNAT automap or SNAT with a SNAT pool.
SNAT automap uses the self IP for all client IP addresses (meaning it replaces the source IP with the F5 self IP for all clients). SNAT pool chooses from the pool of IPs in the SNAT pool list.
Hence, I am checking for an iRule. I have also raised a feature request with F5 for this, so the source IP remains as it is. I was able to get an iRule working but had to do it for the entire subnet of IPs.
when CLIENT_ACCEPTED {
    # One line per client address: SNAT each client to its own IP
    if { [IP::addr [IP::client_addr] equals 172.16.48.10/32] } { snat 172.16.48.10 }
    if { [IP::addr [IP::client_addr] equals 172.16.48.11/32] } { snat 172.16.48.11 }
    if { [IP::addr [IP::client_addr] equals 172.16.48.12/32] } { snat 172.16.48.12 }
    # ... and so on till the end of the subnet
}
It is a long one, but I was looking to see if someone had a better iRule.
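The per-address lines above collapse into a single rule by passing the client's own address to `snat`, shown here as an added example that is not part of the original post. The /24 mask on 172.16.48.0 is an assumption, since the thread only shows individual host addresses from that range.

```tcl
when CLIENT_ACCEPTED {
    # Assumption: the VPN lease pool is 172.16.48.0/24. The thread only
    # shows hosts 172.16.48.10-12, so adjust the mask to the real pool.
    if { [IP::addr [IP::client_addr] equals 172.16.48.0/24] } {
        # SNAT to the address the client already has, so the gateway
        # (firewall) sees and logs the real lease-pool IP per user
        # instead of a shared self IP or SNAT pool member.
        snat [IP::client_addr]
    }
    # Clients outside the range are not touched here and keep whatever
    # SNAT setting is configured on the virtual server.
}
```

Restricting the rule to the lease-pool range keeps it from translating unrelated sources, and return traffic for those addresses still has to route back to the BIG-IP for connections to complete.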