For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jeffo_42365's avatar
jeffo_42365
Icon for Nimbostratus rankNimbostratus
Mar 15, 2011

Reverse NAT on a 3900

I'd like to know if it is possible to put 1000+ clients behind a 3900 on private addresses and allow them to make outbound connections using a public IP on the 3900 (reverse NAT/outbound NAT).

 

 

Note: brand new to F5 products and the 3900s.

 

basic
getting started
new to f5

2 Replies

  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Mar 15, 2011
    Yes

     

     

    1. Create a new network VS

     

    2. Set type to forwarding

     

    3. Set destination to 0.0.0.0/0.0.0.0 port 0

     

    4. Set SNAT automap

     

    5. Tie it to your internal interface

     

    6. Set a static route via the next hop on the external interface

     

     

    Away you go. Embellishments are pretty much endless.

     

     

    H
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Mar 15, 2011
    Hi Jeff,

     

     

    Welcome to the F5 world :)

     

     

    You can use a 0.0.0.0:0 all protocol virtual server (forwarding if you want to use the routing table or performance layer 4 with a fastL4 profile if you have multiple gateways you want to load balance between) enabled just on the VLAN the clients are on with SNAT enabled. LTM will then accept any connection in on that ingress VLAN and route the traffic out with source address translation. You might want to use a SNAT pool if you have a lot of active connections. This will help avoid port exhaustion.

     

     

    If this sounds right and you want details on how to configure this let us know.

     

     

    Aaron