Forum Discussion

Nimbostratus

Nov 11, 2015

possible to double/twice nat on F5?

Hi, I have the fun task of making a F5 with ltm+afm replace a cisco FWSM that is a bridge between overlapping networks ( company mergers). Right now the FWSM does 4 task related to nat, 3 o...

advanced firewall manager

application delivery

BIG-IP Access Policy Manager (APM)

Cirrus

Nov 12, 2015

You can accomplish this with virtual servers, but that will require two virtual servers for each of your NATs to cover traffic flowing in both directions. To do this in an iRule may be "easier" as you will only need one vip, 0.0.0.0/0, and two data groups. You could try something like this. Obviously you will need entries for both sides connections could originate from.

when CLIENT_ACCEPTED {
    if source matches in the data group snat it to the value of that entry
    if {[class match [IP::client_addr] patList_dg]}{
        snat [class lookup [IP::client_addr] patList_dg]
    }
    if destination matches in the data group direct traffic to the value of the entry
    if {[class match [IP::local_addr] natList_dg]}{
        node [class mlookup [IP::local_addr] natList_dg]
    }
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)