Forum Discussion
Aubrey_King_278
Nimbostratus
Apr 15, 2015
nat / snat question
If outbound traffic leaves a NAT on a firewall behind my LTM (running outbound link load balancing to 5 providers), why must I SNAT it? If I do not SNAT my outbound forwarding VS, all traffic stops....
BinaryCanary_19
Apr 16, 2015
Historic F5 Account
Strictly speaking, you only need SNAT when your routing is either broken, or you for any reason (many of which are perfectly rational) do not want to change your routing.
When you SNAT, you are simply guaranteeing that the return traffic will come back through the F5, which may be the only device in your network that knows the correct place to send the traffic.
If you don't SNAT, the target device will choose whatever route it believes is best, and the traffic may wind up in a black hole.
- BinaryCanary_19
  Apr 16, 2015
  Historic F5 Account
  IPSec as the name implies is "IP Security", and is designed to break if the IP address of the parties communicating suddenly changes :) There is an IPSec feature called "NAT Traversal" that assists with this kind of scenario, but it's slightly more complex and perhaps your irule workaround is the wiser choice.
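Added example, not part of the thread: a small Python model of the answer's point that SNAT decides which path the reply takes. The addresses (documentation ranges), link names and the assumption that each provider only carries replies for its own prefix are constructed for illustration.

```python
import ipaddress

# Constructed topology (assumption): how the far side routes replies, per prefix.
RETURN_ROUTES = {
    "203.0.113.0/24": "isp-a",
    "198.51.100.0/24": "isp-b",
}
# Constructed LTM address on each provider link, used as the SNAT address.
EGRESS_SELF_IP = {"isp-a": "203.0.113.2", "isp-b": "198.51.100.2"}


def return_link(dst_ip, routes=RETURN_ROUTES):
    """Longest-prefix match on the reply's destination; None means no route."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [ipaddress.ip_network(p) for p in routes
               if dst in ipaddress.ip_network(p)]
    if not matches:
        return None
    best = max(matches, key=lambda net: net.prefixlen)
    return routes[str(best)]


def outbound_flow(src_ip, egress_link, snat):
    """Send one flow out egress_link and report where its reply comes back."""
    # With SNAT the target sees the LTM's address on the chosen link;
    # without it the target sees whatever source the packet arrived with.
    seen_src = EGRESS_SELF_IP[egress_link] if snat else src_ip
    back = return_link(seen_src)
    if back is None:
        verdict = "black hole"      # target has no usable route to the source
    elif back == egress_link:
        verdict = "symmetric"       # reply returns through the link it left on
    else:
        verdict = "asymmetric"      # reply bypasses the egress path
    return {"seen_src": seen_src, "reply_via": back, "verdict": verdict}


if __name__ == "__main__":
    fw_nat = "203.0.113.10"  # constructed firewall NAT address in isp-a space
    for src, link, snat in [(fw_nat, "isp-b", False),
                            (fw_nat, "isp-b", True),
                            ("10.1.1.50", "isp-b", False)]:
        print(src, link, "snat" if snat else "no-snat",
              outbound_flow(src, link, snat))
```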