Forum Discussion

IRONMAN's avatar
IRONMAN
Icon for Cirrostratus rankCirrostratus
May 09, 2019

SNAT for outbound connections from members to internet and intranet

Any one confirm please , below irule will give me this solution?

SNAT for outbound connections from members to internet and intranet members IP range: 172.0.0.0 single vip with IP 192.0.0.5

So members can access the internet via same vip to internet and intranet? Actually i dont understand how this taking applying for only outbound connections?

{ when CLIENT_ACCEPTED {

     if { [IP::addr [IP::client_addr] equals 172.0.0.0] }
      { snatpool xxxx }
      elseif 
       { snat none } 
    }
}
  • Hi Ironman,

     

    You could create a forwarding virtual server with a destination IP:port of 0.0.0.0:0 with a source of 172.0.0.0/8 enabled on the VLAN that the clients are connecting into the BIG-IP on. You could enable your SNAT pool on the virtual server.

     

    This should work without an iRule.

     

    Aaron

  • Hi Ironman,

     

    You could create a forwarding virtual server with a destination IP:port of 0.0.0.0:0 with a source of 172.0.0.0/8 enabled on the VLAN that the clients are connecting into the BIG-IP on. You could enable your SNAT pool on the virtual server.

     

    This should work without an iRule.

     

    Aaron

    • IRONMAN's avatar
      IRONMAN
      Icon for Cirrostratus rankCirrostratus

      Thanks,

       

      Should i add VLAN of external, that connecting to upstream? or Server VLAN?

      SNAT i can apply server IP? is it possible? because client need to server IP, that connection coming from?