Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

aj1's avatar
aj1
Icon for Nimbostratus rankNimbostratus
Feb 27, 2015

Selective SNAT using iRule on a standard VS

Hi, I realize this issue has been addressed in a lot of posts and i have applied those to solve this issue but nothing has worked out so far. Our LTM services two vlans and applications from these ...
application delivery
devops
irule
irules
LTM
snat
aj1's avatar
aj1
Icon for Nimbostratus rankNimbostratus
Mar 03, 2015

Thank you for the reply.I do have a wildcard forwarding server that uses the snat pool, not sure how that affects this.

[admin@isb-alb-c1:/S1-green-P:Active:Standalone] ~  tmsh list /ltm snat
[admin@isb-alb-c1:/S1-green-P:Active:Standalone] ~

Used "snat none" in the rule instead of the "pool $default_pool" statement. Still seeing snat happening either way though, same subnet or not. The same logs as before. Can verify the same from the connection table.

Something that was different this time were the connection table records for the 125.171.11.108 client. No snat in the first record (expected), but snat in the second record.

show /sys connection cs-client-addr 125.171.11.108
Sys::Connections
125.171.11.108:41521  198.82.183.114:389  125.171.11.108:41521  172.16.18.24:10389  tcp  1198  (slot/tmm: 1/0)  none
125.171.11.108:43228  198.82.183.114:389  198.82.214.125:43228  172.16.19.24:10389  tcp  992  (slot/tmm: 1/1)  none
Total records returned: 2
aj1's avatar
aj1
Icon for Nimbostratus rankNimbostratus
Mar 17, 2015
Yes, having every subnet in just one data-group worked ! I guess i had a different idea as to how the irule works and therefore split the two subnets into two data-groups. Thank you Stephan.