Forum Discussion
SNAT ingress public to private, snat egress private to public pool
OK, but with SNAT on a VIP, return traffic will be picked up in the session table and NATted back to the virtual server IP address.
Why do you want to SNAT the return traffic to a pool of public IPs? Because that is not how TCP works.
Clients will have a 3-way handshake to the virtual server address; once an HTTP GET is sent, the BIG-IP will make a load balancing decision and perform a 3-way handshake (with an IP address from the SNAT pool as source) with the selected pool member (internal host).
Any traffic between external client and internal host will flow via these two TCP sessions (client-side session and server-side session).
Or do you have another requirement to use a pool of external IP addresses (maybe for outbound traffic initiated by the internal hosts)?
Cheers,
Kees
- Racquel_Mays, Feb 09, 2021, Employee
Yes, the requirement is that we use a pool of our external IPs. There are specific reasons for this setup. I figured it out: created a SNAT List (Global SNAT), configured a snatpool, then added it to my SNAT List. Works as expected.