Forum Discussion

Nimbostratus

Jun 05, 2008

SNAT Based on Source and Destination

I hope you can help ... thanks. I am trying to apply conditional SNAT based on source and destination for any service otherwise leave them alone and allow the static NAT to take effect....

Cirrostratus

Jun 05, 2008

The VIP is showing disabled in your config snippet--I assume it was enabled when you were testing? Also, the IP::client_addr and IP::local_addr commands need to be enclosed in square braces in order to be executed. I would think that the conditional should have failed and no SNAT would have been used.

Can you retest with the VIP enabled and the commands bracketed?

  
  when CLIENT_ACCEPTED {  
     if {[matchclass [IP::local_addr] equals $::the_destination_ip] and [matchclass [IP::client_addr] equals $::the_source_ip]} {  
        log local0. "[IP::client_addr]: using SNAT for [IP::local_addr]" 
        snat 10.10.1.1  
     } else {  
        log local0. "[IP::client_addr]: not using SNAT for [IP::local_addr]"  
        snat none  
     }  
  }

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SNAT Based on Source and Destination

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

r4600 Tenant CPU Assignment

master key file on vcmp guest HA Cluster different?

F5 Health Monitor Receive String as JSON

Rewrite content in XML schema file.

DNS Request to VS?

Related Content

Block destination IP by source IP

SNAT based on source and destination

Destination Based Routing

Destination address at F5

Source IP Based Pool Routing

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS