Forum Discussion

Rakeshvela_3309's avatar
Rakeshvela_3309
Icon for Nimbostratus rankNimbostratus
Aug 28, 2017

NAT in LTM

Hi All,   Say there is a Public IP Mapped to Internal IP (say Public IP owned by us)1.1.1.1 ---> 10.1.1.1(As a member). When request from outside hits the VIP 1.1.1.1, the request is sent to desti...
application delivery
LTM
  • eben_259100's avatar
    eben_259100
    Aug 28, 2017

    Hi Rakeshvela

     

    From what you have described, 1.1.1.1 is the Post-NAT IP address for F5 Virtual Server IP address 10.1.1.1 right?

     

    For the question you asked, is 10.1.1.1 same as the self-ip for outbound connections? if yes, then outbound traffic will be initiated from this IP (10.1.1.1). if not, the self-ip for your outbound vlan will be used. Outbound connections to resources where F5 does not have a leg(vlan + self-ip) will be forwarded to your default gateway or next-hop ip address if static routes were set on the box. You will need to add this IP address to your internet accessible subnets in your NAT statement.

     

    HTH Regards Eben.

     

eben_259100's avatar
eben_259100
Icon for Cirrostratus rankCirrostratus

Hi Rakeshvela

 

From what you have described, 1.1.1.1 is the Post-NAT IP address for F5 Virtual Server IP address 10.1.1.1 right?

 

For the question you asked, is 10.1.1.1 same as the self-ip for outbound connections? if yes, then outbound traffic will be initiated from this IP (10.1.1.1). if not, the self-ip for your outbound vlan will be used. Outbound connections to resources where F5 does not have a leg(vlan + self-ip) will be forwarded to your default gateway or next-hop ip address if static routes were set on the box. You will need to add this IP address to your internet accessible subnets in your NAT statement.

 

HTH Regards Eben.

 

eben_259100's avatar
eben_259100
Icon for Cirrostratus rankCirrostratus
Aug 28, 2017

what is the default gateway on 192.168.1.1(member)? 1. if the default gateway points back to F5, then you need to create a forwarding VS for f5 to forward the traffic outbound because it's a default deny box. about NATing, Source address translation is set to None by default. so you might have to use automap or snatpool if neceesary. Also set protocol to all when creating the Forwarding-IP VS. 2. if the default gateway points to another network device other than F5, this will depend on your internet access policy.

 

HTH