Forum Discussion
Manuel_108718
Nimbostratus
NimbostratusNCP -NAT
Hello
We want to use a NCP client through our bigip LTM v9.4, NCP client is located in our Local network, and the NCP Server is in the outside network. we have to use NAT in order to reach the NCP server (this cannot be avoided). The issue is that NAT just replaces the source IP from TCP headers, and NCP uses a referral header with the IP address from client (I think it goes on the payload). This header is not replaced, so NCP server cannot replay connections.
So the question is: If it exists a way to change this header using iRules? I took a look at the wiki, and I didn't find anything about NCP protocol.
Here you can find the documentation for NCP protocol and its issues related to NAT.
http://www.novell.com/coolsolutions/feature/17156.html
Any help will be appreciated.
MRH
- The_BhattmanI don't have NCP running but have you taken a look at the following
http://devcentral.f5.com/wiki/default.aspx/iRules/TCP__payload.html
I hope this helps
Bhattman - JRahm
Admin
It looks like you're going to need to account for not just the offset of the ncp header, but where in the data stream, if at all, the ip will be that you are looking to replace. Is the field in a reliable location in every packet/flow, or does it change based on request type? Might have to validate the appropriate request type first, then start searching for the right field to perform your replacements. Sounds doable, but will need further analysis of some packet captures. TCP::collect and TCP::payload, as Bhattman has indicated, will be your friends in this effort. Might wanna look up TCL's binary scan command as well. 
Manuel_108718Thanks for your help, those are good suggestions, I 'II take a look on it,
I hope to answer soon.
Regards
