Forum Discussion
CirrostratusRDP with Forwarding VIP and DNAT
CirrostratusTook this pcap and see RST from f5 VIP to the client.
rob_carrCirrocumulus
In BIG-IP LTM, Virtual Servers and NATs are listeners, and only one can handle a specific connection.
Why not use a standard virtual server, which does destination address by default, with your RDG as the only member of the pool?
If you really need to do DNAT, you could use an iRule or AFM NAT rules to make the transformation.
- David_M
Actually I just want to try how this NAT works, this is just for study.
So if NATs are listeners how will we make sure the traffic hits the NAT on the BIGIP?
Just configure the NAT and not the VS?
Will that just itself just pass the traffic to the RDP server after NAT and we dont even need the forwarding VIP for it?
- rob_carr
Hi David M,
You shouldn't need the Forwarding VS to make this work. Any packets that arrive on the F5 with a destination address of 10.1.61.25 will be allowed to traverse the BIG-IP and have their destination address changed to 10.1.62.150. Any packets that arrive on the F5 with a source of 10.1.62.150 will be allowed to traverse the BIG-IP and have their source address changed to 10.1.62.150. You'll need to ensure that the NAT is enabled on both the external and internal VLANs in your network.
Keep in mind that NATs are stateless and port unaware, so when I say packets, I mean packets and they could be for any service on 10.1.62.150. That's why (generally) NATs are frowned upon.
