Problem with SNAT configuration

Question

I´m trying to configure a SNAT for Cisco ISE Change Of Authorization (COA) . The goal is to have the virtual address from the load balance appearing as the source of all COA connections. This way I don´t need to add each policy server address to the NADs. I´m using LTM 11.0.0. I configured the SNAT as shown below:
ltm snatpool /Sisop-Linux/radius_coa_snat {
    members {
        /Sisop-Linux/172.10.10.10 /*address used as origin
    }
}

ltm virtual /Sisop-Linux/vs-isepsn-coa {
    destination /Common/0.0.0.0:1700
    ip-protocol udp
    mask any
    profiles {
        /Common/udp { }
    }
    snatpool /Sisop-Linux/radius_coa_snat 
    translate-address disabled
    translate-port disabled
    vlans {
        /Common/v811-pool-net-services /*vlan where the police servers are located
    }
    vlans-enabled
}

The COA traffic never reaches the destination. A tcpdump on the balance shows that traffic is entering the "v811-pool-net-services" vlan but it doesn´t exit. 
Can anyone help me?

josiah_39459 · Answer

What's the destination?  Does it match a route?  If there's no route found in the tmm routing table, it won't exit.

Forum Discussion

Problem with SNAT configuration

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

Certificate Expiry Email alert configuration

Source_Addr Persistence Problems

relocation cpu core on vcmp host the guest configuration back to default configuration

Re: LTM SYN Cookie Configuration

Problem about Export imformation to Excel

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS