For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

benlui_9160's avatar
benlui_9160
Icon for Nimbostratus rankNimbostratus
Sep 08, 2009

NAT for whole internal subnet

I am using BIG-IP HA pair with 2 segments, external (203.194.252.x) and internal (192.168.0.x).     bigip has 1 floating ip (203.194.252.123)   my internal hosts need to access externa...
config
design
benlui_9160's avatar
benlui_9160
Icon for Nimbostratus rankNimbostratus
Sep 17, 2009
I cannot use forwarding virtual server as I should not put over 200+ hosts in the pool.

 

 

I cannot use packet filter.

 

 

The real case is,

 

- LTM has 3 vlan, external, internal, addition

 

- external and internal form a bridge vlan group, sharing same segment 192.168.0.x

 

- addition vlan is 10.10.10.x

 

 

LTM ip: 192.168.0.1, 192.168.0.88 (floating), 10.10.10.1

 

 

(A) when hosts in internal vlan access hosts in external vlan, it will automaticaly SNAT to 192.168.0.88 (I have set nothing about it)

 

 

(B) but internal hosts need to SNAT to 10.10.10.8 (for example) to access hosts in 10.10.10.x

 

 

so, I need to keep (A)and (B), but when I set SNAT to 10.10.10.8 for internal hosts to archeve (B), (A) cannot be maintained, it will SNAT to 10.10.10.8 as well to access external hosts.

 

 

any recommendation?