Forum Discussion

Adam_3360's avatar
Icon for Nimbostratus rankNimbostratus
Dec 10, 2010

SNAT iRule based on outbound destination address

Hi All



Don't know if this is the correct way to do it, but I am trying to configure Outbound SNAT based on the destination address.



The scenario is that I have an internal server with an IP address of (for example) This server needs to initiate outbound communication to certain internet based systems but use a different SNAT address for each.



So if I wanted to communicate out to on the Internet (for example), I want the outbound SNAT set as (again for example). If I wanted to communicate out to, the SNAT must be different at



I have been reading about intelligent SNAT and iRule rules but was wondering whether this is the correct way, and if so whether anyone could suggest some example iRules?






4 Replies

  • Do you want the SNAT to be based both on the source and destination address? If you create an iRule that SNATs traffic destined to, it'll SNAT it all, unless you say it should meet both the source ( and destination (
  • Hi Chris



    Thanks for the reply. My ultimate aim is to have a group of (say) 5 servers with the inbound traffic covered by the configuration of the Virtual servers. This group of servers will need to initiate traffic outbound but use different NATs for each destination



    So for arguments sake: if I wanted to send traffic outbound from this goup of servers to Google IP addresses, use NAT address 1. If I wanted the same group of servers to send outbound traffic to F5 IP addresses, use NAT address 2.



    Hope that makes sense?
  • Yep, that makes sense. You'll simply need to do a rule that switches based on destination address. I need to look into what form of IP::addr to use here though.

      switch -glob [IP::local_addr] { 
        "" { snat x.x.x.x }
        "" { snat y.y.y.y } 

    Something like that would work as long as I have the right form of IP::addr.
  • Hi Chris



    Thanks for the reply again. Sounds like it is something like that which I need to get configured but (as a newbie to this) please can you go through the config for me?



    So to start:



    * I have a node object configured for my servers


    * I have a pool configured which have my servers as members


    * I have multiple virtual servers configured with my inbound internet facing IP addresses and required ports configured per virtual server



    Inbound access works ok, the Virtual Servers translate inbound connections as required so no problem there. As far as outbound is concerned, I have previously used SNAT Lists as the servers default gateway is the F5s which means I don't have to use Auto Map on the Virtual Servers (which is set to none so that the logfiles on the servers keep the source IP addresses intact for inbound traffic rather than logging the F5 IP address all the time).



    I am unclear how to configure the Outbound iRule, whether separate Virtual Servers are required for the Outbound traffic, and also I have read about Data Groups which i am again unsure of.



    If you could help with this I would certainly be appreciated