NAT iRule not functioning

Question

Hopefully this is a basic oversight on my behalf.  &nbsp;
&nbsp;I have a single VS (10.1.1.53:0) with 2 members 10.1.2.206 and 207.  No SNAT pool or Automap is defined in VS. SNAT, if required, is performed with the use of an iRule.  The iRule is shown below:&nbsp;
&nbsp;when CLIENT_ACCEPTED {
&nbsp;  Check if client is in 10.1.2.0/24 subnet 
&nbsp;if {[IP::addr [IP::client_addr] equals 10.1.2.0/24]}{ 
&nbsp; Use the snatpool
&nbsp; snatpool Pool_snat_1} 
&nbsp;}&nbsp;
&nbsp;The SNAT Pool mentioned has the addresses 10.1.2.44 and 45 in it.&nbsp;
&nbsp;Monitoring traffic I see that the source of the requests are actually the F5 non-floating self IP.  I dont understand why.  Traffic output below:&nbsp;
&nbsp;tcpdump -i Internal -n host 10.1.1.53 
&nbsp;tcpdump: listening on Internal 
&nbsp;10:22:48.918620 10.1.2.117.2045 &gt; 10.1.1.53.microsoft-ds: S 1796654770:1796654770(0) win 65535 (DF) 
&nbsp;10:22:48.918627 10.1.1.53.microsoft-ds &gt; 10.1.2.117.2045: S 441223112:441223112(0) ack 1796654771 win 4380 (DF) 
&nbsp;10:22:48.918755 10.1.2.117.2045 &gt; 10.1.1.53.microsoft-ds: . ack 1 win 65535 (DF) 10:22:48.919014 10.1.2.117.2045 &gt; 10.1.1.53.microsoft-ds: P 1:138(137) ack 1 win 65535 (DF) 
&nbsp;10:22:48.919389 10.1.1.53.microsoft-ds &gt; 10.1.2.117.2045: P 1:210(209) ack 138 win 4517 (DF) 
&nbsp;10:22:48.919987 10.1.2.117.2045 &gt; 10.1.1.53.microsoft-ds: P 138:408(270) ack 210 win 65326 (DF) 
&nbsp;10:22:48.920302 10.1.1.53.microsoft-ds &gt; 10.1.2.117.2045: P 210:762(552) ack 408 win 4787 (DF) 
&nbsp;10:22:48.920733 10.1.2.117.2045 &gt; 10.1.1.53.microsoft-ds: P 408:1068(660) ack 762 win 64774 (DF) 
&nbsp;10:22:48.924123 10.1.1.53.microsoft-ds &gt; 10.1.2.117.2045: P 762:994(232) ack 1068 win 5447 (DF) &nbsp;
&nbsp;tcpdump -i Internal -n host 10.1.2.207 tcpdump: listening on Internal 
&nbsp;10:28:58.283366 10.1.2.2.3317 &gt; 10.1.2.207.https: S 3342204928:3342204928(0) win 512 (DF) 
&nbsp;10:28:58.283510 10.1.2.207.https &gt; 10.1.2.2.3317: R 0:0(0) ack 3342204929 win 0 (DF) 10:28:59.283462 10.1.2.2.3320 &gt; 10.1.2.207.microsoft-ds: S 3358982144:3358982144(0) win 512 (DF) 
&nbsp;10:28:59.283664 10.1.2.207.microsoft-ds &gt; 10.1.2.2.3320: S 3674944488:3674944488(0) ack 3358982145 win 8192 (DF) 
&nbsp;10:28:59.283841 10.1.2.2.3320 &gt; 10.1.2.207.microsoft-ds: R 3358982145:3358982145(0) win 0 (DF) 
&nbsp;10:29:08.284194 10.1.2.2.3339 &gt; 10.1.2.207.https: S 3509977088:3509977088(0) win 512 (DF) 
&nbsp;10:29:08.284355 10.1.2.207.https &gt; 10.1.2.2.3339: R 0:0(0) ack 3509977089 win 0 (DF) 10:29:09.284306 10.1.2.2.3342 &gt; 10.1.2.207.microsoft-ds: S 3526754304:3526754304(0) win 512 (DF) 
&nbsp;10:29:09.284501 10.1.2.207.microsoft-ds &gt; 10.1.2.2.3342: S 4207201783:4207201783(0) ack 3526754305 win 8192 (DF) 
&nbsp;10:29:09.284582 10.1.2.2.3342 &gt; 10.1.2.207.microsoft-ds: R 3526754305:3526754305(0) win 0 (DF) 
&nbsp;10:29:18.285000 10.1.2.2.3361 &gt; 10.1.2.207.https: S 3677749248:3677749248(0) win 512 (DF) 
&nbsp;10:29:18.285176 10.1.2.207.https &gt; 10.1.2.2.3361: R 0:0(0) ack 3677749249 win 0 (DF) &nbsp;
&nbsp;Any assistance or guidance would be appreciated.&nbsp;

nz_david_20489 · Answer

My error - just found specific member monitor using that port (microsoft-ds, port 445).  The traffic identified is just a TCP monitor.

Forum Discussion

NAT iRule not functioning

1 Reply

Recent Discussions

CITRIX remote desktop solution using F5 APM

BIG-IP rseries license

F5 iRule to route traffic based on AS2 headers doesnt work

Trouble with TCP::option set 28

LDAPS: intermittent login issues

Related Content

URL Rewrite/ProxyPass Functionality

Use AWS Lambda functions in a CFT

Viprion Functionality

Ruby NAT Maker

Route domain SNAT and NAT implementation