Forum Discussion
millencol1n_619
Nimbostratus
NimbostratusNat - multiple networks
Hi,
i´ve a problem with nat...
i use the following setup:
internal network 10.x.x.x -> some servers out of that network are natted to 62.1.1.x and some to 62.1.2.x
the default route on the f5 is 62.1.1.1 and now i´m facing the problem that all hosts natted to 62.1.2.x have problems in setting up a valid tcpip connection. ping works but all other connections are resetted.
mabye someone can help me out here...
looks like there´s a need for source routing or something similar...
anyone can help me out here?
cheers!
Ajit_Mohan_2587I am having the same issue. below is my scenario
Server A IP: 10.82.26.x/24 - Internal VLAN-A
NAT'ed External IP: 10.82.126.x/24 - External VLAN-B
Server B IP: 10.82.86.x/24 - Internal VLAN-C
NAT'ed External IP: 10.82.186.x/24 - External VLAN-D
Default Route on the F5 is 10.83.128.1
Issue is I am able to ping machines in the remote datacenter from Server A and Server B, but cannot SSH / RDP to any machine. The TCP connections are being reset. Since we have multiple VLAN's per VLAN default gateway as mentioned in the article above is not an option because the source IP of the server will be the SNAT IP instead of the NAT IP.
Any idea why NAT's won't work in multiple networks.
Thanks
L4L7_53191What device is actually replying to the ping? It may be the BigIP...Which device is actually issuing the RST?
You can have multiple gateways, multiple vlans, etc. - that's not an issue. For a setup like this, I'd consider using forwarding virtual servers that point to a gateway pool - which can be a single address - that you care about.
E.g. setup a virtual like 10.82.186.0:0, turn off port translation, and point that virtual to a pool with a single member of your gateway address for that particular remote network (this pool member should be listening on port zero). Also bind a source nat (snat) address to this VIP that will force the route back to BigIP on return traffic.
Route domains may also be an option here, but I don't have much experience with them.
-- Matt- Ajit_Mohan_2587Thanks Matt.
Using the forwarding virtual server and binding a SNAT will change the source address.
For e.g Client users access the server for management purposes using the NAT IP (in my case 10.82.186.10). Now when they are connected to the server and they try to access any other machine on their network (outgoing from LTM) the source IP should be the NAT IP 10.82.186.10. If I use a forwarding virtual server with a SNAT then the outgoing traffic will have the SNAT IP instead of the NAT IP.
All I am trying to do is for management traffic I want to use NAT and for load balancing the servers I will create Virtual Servers.
I was trying a couple of things and found that disabling "VLAN-Keyed Connections" fixed the TCP reset issue and I am able to access the machines using the NAT IP's. Now I am not very sure what "VLAN-Keyed Connections" option does....the documents doesn't have much information about it.
Thanks,
Ajit 
John_Pribula_10How do you enable a pool on a forwarding virtual server is it the last hop pool?