For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

karthicksankark's avatar
karthicksankark
Icon for Altostratus rankAltostratus
Nov 01, 2023
Solved

Multiple SNAT pools under a single VIP

Hi Folks, 

I need some help on having two SNAT pools under a single VIP. We have a VIP that contains 4 nodes present at two different locations (2 nodes in A location and other 2 nodes in B location), having different subnets (we have separate routes to reach each location). What we want to achieve here is to have two different SNAT pools under a single VIP, each dedicated for each subnet.

let us say, I have 2 nodes under subnet 10.0.0.0/24 and 2 nodes under 20.0.0.0/24 such that traffic uses SNAT POOLs used: SNAT-1-->members--> 11.1.1.1 & 11.1.1.2 to reach nodes 10.0.0.0/24. SNAT-2-->members--> 12.1.1.1 & 12.1.1.2 to reach nodes 20.0.0.0/24.

I'm using the following irule but it throws errors. error 1. missing an expression, error 2. undefined procedure,

when LB_SELECTED {
  if { [IP::addr [LB::server addr] equals 10.0.0.0/24] } {
    snatpool snat-1
  } else if { [IP::addr [LB::server addr] equals 10.0.0.0/24] } {
      snatpool snat-2
  }
}

Please help to achive the requirement. 

application delivery
security
  • Niels_van_Sluis's avatar
    Niels_van_Sluis
    Nov 01, 2023

    Try removing the space between else and if.

    when LB_SELECTED {
  if { [IP::addr [LB::server addr] equals 10.0.0.0/24] } {
    snatpool snat-1
  } elseif { [IP::addr [LB::server addr] equals 20.0.0.0/24] } {
      snatpool snat-2
  }
}

     

     

1 Reply

  • Niels_van_Sluis's avatar
    Niels_van_Sluis
    Icon for MVP rankMVP
    Nov 01, 2023

    Try removing the space between else and if.

    when LB_SELECTED {
  if { [IP::addr [LB::server addr] equals 10.0.0.0/24] } {
    snatpool snat-1
  } elseif { [IP::addr [LB::server addr] equals 20.0.0.0/24] } {
      snatpool snat-2
  }
}