SNAT and NAT precedence

Question

Hi,&nbsp;
In SOL9038 there is sentence "For example, a SNAT with an origin address of 10.10.64.0/24 takes precedence over a SNAT with an origin of default. Additionally, a SNAT with an origin address of 10.10.64.2 takes precedence over a NAT with an origin address of 10.10.64.2."&nbsp;
I did tests (on 11.2.0) and there is no way to create SNAT and NAT object with the same origin IP. Error is displayed when second object is saved with info about origin IP already used.&nbsp;
Is that bug in GUI or error in SOL, or I am missing something important?&nbsp;
Piotr&nbsp;

stephanmanthey · Answer

Hi Piotr,&nbsp;
I have no idea, why the documentation discusses the specific subject.&nbsp;
A NAT configuration works bi-directional:&nbsp;
- traffic to the NAT (incoming) will be forwarded to the "Origin" by applying destination address translation &nbsp;
- traffic from the "Origin" (outgoing) will be forwarded to target and source address translation is applied  &nbsp;
Where is the use case to combine a SNAT with a NAT? &nbsp;
Whenever possible I avoid to create so called Default SNATs (aka SNAT List entries). Instead I´m using virtual servers to forward traffic and apply SNAT as SNAT AutoMap / SNATpool as property of the virtual server or via iRule.&nbsp;
Thanks, Stephan&nbsp;

dragonflymr · Answer

Hi,&nbsp;
Well, I have as well no idea why it's presented that way in mentioned SOL. I can't figure out scenario for SNAT-NAT precedence. I was just curious why there is such example when there is no way to create object with same origin IP. I am just learning LTM so sometimes I don't know if it's my lack of knowledge and experience or info in SOL is just plain wrong or my version of TMOS has some bug.
Anyway, thanks for reply.&nbsp;
Piotr &nbsp;

stephanmanthey · Answer

Hi Piotr,   
thanks. I agree, there is a couple of ways to handle traffic. Some of them are just there for legacy reasons.  
And this is confusing, even if one if pretty familiar with the pure technical aspects.  
Anyway, this is the right place to ask for explanation. :)  
Thanks, Stephan

dragonflymr · Answer

Great there are people having time to answer novice questions like mine!&nbsp;
Piotr&nbsp;

Forum Discussion

SNAT and NAT precedence

4 Replies

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Question about adding VEs to existing physical appliance device group without ASM licenses

2026 301a exam

How can I measure Advanced WAF (ASM) throughput on a running BIG-IP VE (per VIP / per policy)?

What is the best practice for migrating from iseries to rseries?

BIG-IP i11000 – License compatibility with TMOS versions above 14.1.2 and Web GUI inaccessible

Related Content

Verifying Local Traffic Policy and iRule Precedence

Knowledge sharing: Order of precedence for BIG-IP modules, ASM DDOS Protection, Bot Protection

SNAT pool persistence

SNAT IP address logging

VS precedence

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS