Forum Discussion
LTM in one arm mode and snat
I have deployed F5 LTM in single-arm mode and, for security reasons, I have created a SNAT pool. My virtual server and the real server are in the same subnet, but my SNAT pool IP is in a different subnet. When I tried initiating traffic from outside, traffic is not hitting my real server. Note: if I give the SNAT IP in the same subnet as the virtual server, then the connection is successful. Since the SNAT IP is in a different subnet, I have put the route in the firewall, say for the SNAT subnet the gateway is the F5 self IP, which is the default gateway of our F5 as well as the real server.
Can anyone help me to sort this issue?
- skfads_167852Nimbostratus
Hi kps,
Deviating a little: why do you want to SNAT if the virtual & pool are in the same subnet?
- kps_202810Nimbostratus
Hi Fahad, For compliance reasons we need to perform SNAT. But I would like to know whether there is any possibility to make it work.
- Stanislas_Piro2Cumulonimbus
Hi,
Your issue is caused by the firewall, which drops asymmetric connections.
Add a route to the SNAT pool subnet with the F5 self IP as gateway on the real server.
- kps_202810Nimbostratus
Hi Stanislas,
Apart from adding a route to the real server, is there any other way to address this issue?
- Stanislas_Piro2Cumulonimbus
First, validate that adding a route resolves the issue.
If the issue is resolved with the new route, you need to change your configuration by adding firewall and F5 interfaces or something else...
This is not an F5 issue but an IP issue...
- skfads_167852Nimbostratus
If the forward traffic towards the reals from LTM does not traverse the firewall, then the return traffic will be dropped.