Forum Discussion
NAT in LTM
- Aug 28, 2017
Hi Rakeshvela
From what you have described, 1.1.1.1 is the Post-NAT IP address for F5 Virtual Server IP address 10.1.1.1 right?
For the question you asked, is 10.1.1.1 same as the self-ip for outbound connections? if yes, then outbound traffic will be initiated from this IP (10.1.1.1). if not, the self-ip for your outbound vlan will be used. Outbound connections to resources where F5 does not have a leg(vlan + self-ip) will be forwarded to your default gateway or next-hop ip address if static routes were set on the box. You will need to add this IP address to your internet accessible subnets in your NAT statement.
HTH Regards Eben.
Hi Rakeshvela
From what you have described, 1.1.1.1 is the Post-NAT IP address for F5 Virtual Server IP address 10.1.1.1 right?
For the question you asked, is 10.1.1.1 same as the self-ip for outbound connections? if yes, then outbound traffic will be initiated from this IP (10.1.1.1). if not, the self-ip for your outbound vlan will be used. Outbound connections to resources where F5 does not have a leg(vlan + self-ip) will be forwarded to your default gateway or next-hop ip address if static routes were set on the box. You will need to add this IP address to your internet accessible subnets in your NAT statement.
HTH Regards Eben.
- Rakeshvela_3309Aug 28, 2017Nimbostratus
Hi Eben,
The scenario is like this
Say From some External IP 130.1.1.1 ----> 1.1.1.1(Coming to say this is my Public IP)
1.1.1.1 ---> has members 192.168.1.1 F5 will have the session table for this and when the return traffic hits F5, it will forward accordingly.
Now, say 192.168.1.1 (Member) ---> 150.3.2.2
Will F5 auto NAT it to 1.1.1.1 before sending out? Please advise.
Thanks
- eben_259100Aug 28, 2017Cirrostratus
what is the default gateway on 192.168.1.1(member)? 1. if the default gateway points back to F5, then you need to create a forwarding VS for f5 to forward the traffic outbound because it's a default deny box. about NATing, Source address translation is set to None by default. so you might have to use automap or snatpool if neceesary. Also set protocol to all when creating the Forwarding-IP VS. 2. if the default gateway points to another network device other than F5, this will depend on your internet access policy.
HTH
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com