Forum Discussion

jeffo_42365's avatar
Icon for Nimbostratus rankNimbostratus
Mar 15, 2011

Reverse NAT on a 3900

I'd like to know if it is possible to put 1000+ clients behind a 3900 on private addresses and allow them to make outbound connections using a public IP on the 3900 (reverse NAT/outbound NAT).



Note: brand new to F5 products and the 3900s.


2 Replies

  • Hamish's avatar
    Icon for Cirrocumulus rankCirrocumulus



    1. Create a new network VS


    2. Set type to forwarding


    3. Set destination to port 0


    4. Set SNAT automap


    5. Tie it to your internal interface


    6. Set a static route via the next hop on the external interface



    Away you go. Embellishments are pretty much endless.



  • Hi Jeff,



    Welcome to the F5 world :)



    You can use a all protocol virtual server (forwarding if you want to use the routing table or performance layer 4 with a fastL4 profile if you have multiple gateways you want to load balance between) enabled just on the VLAN the clients are on with SNAT enabled. LTM will then accept any connection in on that ingress VLAN and route the traffic out with source address translation. You might want to use a SNAT pool if you have a lot of active connections. This will help avoid port exhaustion.



    If this sounds right and you want details on how to configure this let us know.