Forum Discussion

Nimbostratus

Sep 18, 2013

SNAT by Destination IP

I want to mask a network behind an SNAT IP address based on the following criteria: either the leaving interface (WAN) or the desitination IP. Is there a way to solve that by configuration utility? O...

application delivery

BIG-IP Access Policy Manager (APM)

Nacreous

Sep 18, 2013

I think it could be done without using iRules.

Have network routes and a default route configured first in your network settings.

Have specific network virtual servers (ForwardingIP) for your RFC1918, protocol 'all' and port 'any'.

Have an additional wildcard network virtual server on 0.0.0.0/0 (ForwardingIP), protocol 'all' port 'any' with SNAT AutoMap enabled.

Most specific virtual servers will apply.

Now you should be done.

Don´t forget to enable SNAT for 'All protocols':

tmsh modify ltm global-settings general snat-packet-forward enabled
tmsh save sys config
tmsh run cm config-sync to-group device-group-failover

Otherwise your PINGs to the outside world will not be SNATed.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

Bram - January 2026 Featured Member

DevCentral News

announcement

event

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

Community Articles

application delivery

CIS

container ingress services

devops

Gateway Fabric

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SNAT by Destination IP

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Question about adding VEs to existing physical appliance device group without ASM licenses

2026 301a exam

How can I measure Advanced WAF (ASM) throughput on a running BIG-IP VE (per VIP / per policy)?

What is the best practice for migrating from iseries to rseries?

BIG-IP i11000 – License compatibility with TMOS versions above 14.1.2 and Web GUI inaccessible

Related Content

Destination Snat Using DNS

Destination address at F5

SNAT based on source and destination

SNAT pool persistence

Block destination IP by source IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS