Forum Discussion

Icon for Cirrus rank

Cirrus

Mar 17, 2020

SNAT based on source and destination

Greetings, I am working on Forwarding (IP) VS. I have used the next: when CLIENT_ACCEPTED { if { [class match [IP::client_addr] equals VPN-SUBNET] } { if {[class match [IP::remote...

Simon_Blakely
Mar 17, 2020
The problem you have is that in CLIENT_ACCEPTED, IP::client_addr and IP::remote_addr are the same IP address

> IP::remote_addr
> Description
> Returns the IP address of the host on the far end of the connection.
> In the clientside context, this is the client IP address.

You can check IP::server_addr, but I'm not entirely sure it will be valid in context.

You probably need a specific virtual server for the required destination, and can then apply the SNAT for some specific client IP addresses.

Icon for Employee rank

Employee

Mar 17, 2020

The problem you have is that in CLIENT_ACCEPTED, IP::client_addr and IP::remote_addr are the same IP address

> IP::remote_addr

> Description

> Returns the IP address of the host on the far end of the connection.

> In the clientside context, this is the client IP address.

You can check IP::server_addr, but I'm not entirely sure it will be valid in context.

You probably need a specific virtual server for the required destination, and can then apply the SNAT for some specific client IP addresses.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming