SNAT by VIP, not source

Question

I have several pools of terminal servers behind the BigIP, but the BigIP is not the default gateway, so I need to translate the source.  Currently, I'm using automap, but I would like to assign a snat to each vip.  I'm not sure if I need rules to do this or not, but I couldn't get it to work with just snat configuration.  For example, if I have vip 10.1.1.1 serving a pool of servers on 10.10.10.0/24, I'd like the source translation address to be 10.10.10.1, not the real on that subnet.  Any direction would be appreciated.

brian_gupta_115 · Answer

What kind of terminal servers? 
&nbsp;  
&nbsp; -Brian

jrahm · Answer

Windows.  I'm guessing the rule would need to look similar to this? 
&nbsp;  
&nbsp; iRule vip1_snat_assignment { 
&nbsp;  when CLIENT_ACCEPTED { 
&nbsp;   use snat 10.10.10.1 
&nbsp;  } 
&nbsp; }

brian_gupta_115 · Answer

I don't think you need a rule. Create a SNAT address 10.10.10.1 in the networking section of the GUI. Then on the advanced properties of the VIP, select that SNAT. 
&nbsp;  
&nbsp; Cheers, 
&nbsp; Brian

jrahm · Answer

The BigIP wouldn't let me create a second snat in the same vlan with the same source network (0.0.0.0/0), but I could create a single member snat pool and map this to each vip.  That's great!  Thanks.

Forum Discussion

SNAT by VIP, not source

4 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

Phishing, Malware, Breach and Open-Source Security

How to ensure source address and source port are accepted and traversed properly via F5 SNAT automap

Multiple SNAT pools under a single VIP

Capturing source IP addresses for VIP

SNAT pool persistence

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS