NAT/PAT query: manage non-routable servers

Question

Hi guys,&nbsp;
We've got some back-end servers (172.16.19.40, 172.16.19.41 and 172.16.19.42) in our DMZ, residing in a non-routable network. We'd like to be able to manage them via SSH from these networks: 192.168.116.0/24 and 172.18.7.0/24.&nbsp;
Could someone recommend a NAT/PAT way we could achieve this on our LTMs please?&nbsp;
Regards,
L&nbsp;

jpeterson6_1656 · Answer

If I understand this correctly, you would need to create a self-IP on the same network as those servers, then just use a set of 1:1 regular VIPs with SNAT Automap enabled.&nbsp;
A forwarding VIP would also be possible if 172.16.19.x network is pointed to the F5.&nbsp;

secdata_support · Answer

Hi J,&nbsp;
I appreciate your approach. Considering we have 3 x back-end servers, that would have meant 3 x VIPs.&nbsp;
We wanted to minimize the number of new VIPs created, hence went for the following approach -&nbsp;
Created 1x VIP with an IP part of the internal routable VLAN, listening on all ports, with pool associated, with an iRule bound to it, switching/translating incoming custom port front-end connections (2240, 2241, 2242) to their relevant back-end nodes 172.16.19.40, 172.16.19.41 and 172.161.9.42 over port 22.&nbsp;
Your support is appreciated!&nbsp;
Regards.&nbsp;

Forum Discussion

NAT/PAT query: manage non-routable servers

Recent Discussions

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

FTP PASV mode to Extended Passive mode

Oracle JDBC SSL Termination failing on F5

APM for banner and cert

An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)

Related Content

F5 Distributed Cloud Origin Server Subset Rules

BIG-IP High Availability with Azure Route Server

virtual server config

Check a Virtual Server's SSL Status

iRule based RADIUS Server Stack

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS