Reverse NAT on a 3900

Question

I'd like to know if it is possible to put 1000+ clients behind a 3900 on private addresses and allow them to make outbound connections using a public IP on the 3900 (reverse NAT/outbound NAT).&nbsp;
&nbsp;Note: brand new to F5 products and the 3900s.&nbsp;

hamish · Answer

Yes 
&nbsp;  
&nbsp; 1. Create a new network VS 
&nbsp; 2. Set type to forwarding 
&nbsp; 3. Set destination to 0.0.0.0/0.0.0.0 port 0 
&nbsp; 4. Set SNAT automap 
&nbsp; 5. Tie it to your internal interface 
&nbsp; 6. Set a static route via the next hop on the external interface 
&nbsp;  
&nbsp; Away you go. Embellishments are pretty much endless. 
&nbsp;  
&nbsp; H

hooleylist · Answer

Hi Jeff, 
&nbsp;  
&nbsp; Welcome to the F5 world :) 
&nbsp;  
&nbsp; You can use a 0.0.0.0:0 all protocol virtual server (forwarding if you want to use the routing table or performance layer 4 with a fastL4 profile if you have multiple gateways you want to load balance between) enabled just on the VLAN the clients are on with SNAT enabled.  LTM will then accept any connection in on that ingress VLAN and route the traffic out with source address translation.  You might want to use a SNAT pool if you have a lot of active connections.  This will help avoid port exhaustion. 
&nbsp;  
&nbsp; If this sounds right and you want details on how to configure this let us know. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

Reverse NAT on a 3900

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

BIG-IP AFM設定例-NAT

F5 Reverse Proxy setup

Remove subnet from NAT pools without any impact

Troubleshooting Lync/Skype for Business Reverse Proxy

Block requests by reverse DNS record

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS