NAT the clientside?

Question

We have an LTM 9.4.7 and we wanted to replace our reverse proxy layer with the F5. We are trying to configure NAT for the clientside. Essentially we would like all connections from the client get NAT'd to a routable address on the inside of our DMZ. I see lot of options not sure where to begin. Thx! 
&nbsp;  
&nbsp; NEW 
&nbsp;  
&nbsp; CLIENT 1.1.1.1 
&nbsp;    | 
&nbsp; Firewall 
&nbsp;    | 
&nbsp; F5 EXT VIP 10.0.0.100 (All clients should get nat'd the same way to RP 10.0.1.100) 
&nbsp;    | 
&nbsp; Firewall 
&nbsp;    | 
&nbsp; F5 INT VIP 172.16.x.x 
&nbsp;    /\ 
&nbsp; APP1 APP2 (application) 
&nbsp;  
&nbsp;  
&nbsp;  
&nbsp; CURRENT 
&nbsp;  
&nbsp; CLIENT 1.1.1.1 
&nbsp;    | 
&nbsp; Firewall 
&nbsp;    | 
&nbsp; F5 EXT VIP 10.0.0.100 
&nbsp;    /\ 
&nbsp; PXY1 PXY2 10.0.1.100 and .101 (Clients get nat'd to one of these IP's) 
&nbsp;    \/ 
&nbsp; Firewall 
&nbsp;     | 
&nbsp; F5 INT VIP 172.16.x.x 
&nbsp;    /\ 
&nbsp; APP1 APP2 (application) 
&nbsp;

jrahm · Answer

You could create a snatpool with the 10.0.1.100 (and the 10.0.1.101 if you are concerned about tcp port exhaustion) and apply it to your EXT VIP.

Forum Discussion

NAT the clientside?

1 Reply

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Failed to set RDP launch token timeout

AWAF - Do not log Geolocation violations from the Event Log

Load Balancing IIS Servers

remove www from domain

Front azure traffic from F5 LTM onpremises

Related Content

BIG-IP AFM設定例-NAT

err tmm1[24399]: 011f0007:3: http_process_state_prepend - Invalid action:0x107041 clientside

NAT for specific IPs

Bulk Nat Creation

Remove subnet from NAT pools without any impact

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS