F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Mahantesh_Bisur's avatar
Mahantesh_Bisur
Icon for Nimbostratus rankNimbostratus
Aug 05, 2015

SNAT iRule based on client IP address

Hi All,   I am looking for an Irule on a virtual server to use a different snatpool based on the actual client ip address and this has to scale up to multiple different clients(around 50 to 100) ...
Mahantesh_Bisur's avatar
Mahantesh_Bisur
Icon for Nimbostratus rankNimbostratus
Aug 05, 2015

Thanks Patrick for the update. Here we basically need all the client ip addresses to be visible on the back end servers.Our back end servers are sftp servers & there are external customers who accesses this sftp services. so there is a requirement for us to check & validate each & every request at the back end servers to see from where the requests are coming & who is accessing this sftp services.Since the way our network has been setup, We are using SNAT automap on our VS,So back end servers are currently seeing only F5 Ip address. As you said, If I use all addresses in single Data group then all requests will hit the back end servers with single snatpool ip which again will become similar to snat automap..

 

I tried to configure n-path routing for this issue, but that also didn't worked for me. So basicallly what I am thinking is if we use natting on the F5 for example if customer A accesses this VS then it shuld nat to ip address X. so that whenever request hits back end pool members with this ip address(X) they will be able to identify the customer details.

 

I hope you got my requirement. Please let us know if you need further clarification on this.