SNAT iRule problem

IP::server_addr tries to return the remote address from the serverside connection. Because no serverside connection has been established in CLIENT_ACCEPTED, the runtime error (in the log statement) causes an invalid state for the connection. TMM sends a reset to the client to close the connection. To handle runtime errors gracefully and prevent resets, you can use the catch command(Click here).

If you want to see the source IP:port translation, you could add the log statements back to the SERVER_CONNECTED event:

 
 when CLIENT_ACCEPTED { 
  
     Debug logging 
    log local0. "[IP::client_addr]:[TCP::client_port]: New TCP connection to destination IP:port [IP::local_port]:[TCP::local_port]" 
  
     Compare destination address with the pre-defined 
     class of RFC1918 non-routable addresses 
     If not in that group, automap-SNAT the connection 
    if {not [matchclass [IP::local_addr] equals ::private_net] } { 
       snat automap 
    } 
 } 
 when SERVER_CONNECTED { 
  
     Debug logging 
    log local0. "[IP::client_addr]:[TCP::client_port]: New TCP connection to destination IP:port [IP::local_port]:[TCP::local_port] \ 
       using source [IP::local_addr]:[TCP::local_port]" 
 } 
 

For more details on the IP:: and TCP:: commands and context, you can check this post:

http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=1018710235

And the events wiki page:

http://devcentral.f5.com/wiki/default.aspx/iRules/events

Aaron