Forum Discussion
SNAT Is not working
Hi all,
I want some quick help.
virtual ssp.vip {
snat automap
pool usssp.http
destination 192.168.192.10:http
ip protocol tcp
vlans external_v192 enable
}
pool ussp.http {
snat disable
nat disable
members 10.16.7.1 :http {}
}
I enabled snat and nat in the pool. Checked, not working.
What other things do I need to look at?
Thanks
11 Replies
- What_Lies_Bene1
Cirrostratus
You should check the same settings for the Virtual Server. Also, when testing, ensure you are actually opening a new connection; close the browser and open and try again. Better yet, use a different client. The change won't apply to existing connections.
- A__N_5261
Nimbostratus
I took another client and checked the VIP settings; they look good. Still not working.
The server has its default gateway set to the BIG-IP, but I need to hide the source IP. Any other troubleshooting steps?
Thanks
- What_Lies_Bene1
Cirrostratus
How are you checking/confirming it's not working? Can you do a tcpdump on the server-side interface and confirm?
- A__N_5261
Nimbostratus
Hi Steve
Here are some tests I did. Maybe you can explain a little; it would be a great help.
First Test -- SNAT is not working when I enable it only on the virtual server with automap
virtual ssp.vip {
snat automap
pool usssp.http
destination 192.168.192.10:http
ip protocol tcp
vlans external_v192 enable
}
pool ussp.http {
snat disable
nat disable
members 10.16.7.1 :http {}
}
Second Test ----- SNAT is working when enabled only on the pool. I can see the connection on the server side; it is established from the BIG-IP self IP. But it does not show in tmsh. Why is it not showing in the tmsh shell?
(tmos) show sys connection cs-server-addr 192.168.192
14.99.79.57:56136 192.168.192:80 10.16.7.1:80 tcp 0
virtual ssp.vip {
pool usssp.http
destination 192.168.192.10:http
ip protocol tcp
vlans external_v192 enable
}
pool ussp.http {
snat enable
nat enable
members 10.16.7.1 :http {}
}
Third Test --------------------- It's working, showing the BIG-IP IP, but it doesn't show in tmsh. Why is it not showing in the tmsh shell?
virtual ssp.vip {
snat auto_map
pool usssp.http
destination 192.168.192.10:http
ip protocol tcp
vlans external_v192 enable
}
pool ussp.http {
snat enable
nat enable
members 10.16.7.1 :http {}
}
- What_Lies_Bene1
Cirrostratus
The client-side IP is not changed in the second test which probably explains why it's not shown in tmsh for that use case. Can you post the command output for the third test?
- A__N_5261
Nimbostratus
Thanks for taking your time.
Here is the command:
(tmos) show sys connection cs-server-addr 192.168.192.10
Why is it working in the First Test, when we enable only at pool level? Is this okay? As I see in the F5 doc, we need to enable it on the virtual server (auto_map).
Thanks
- What_Lies_Bene1
Cirrostratus
That command should work regardless of any SNAT configured but the output will obviously change when you enable SNAT. What output do you see in test two and three?
- A__N_5261
Nimbostratus
I got it. I added one keyword to the last command and it shows the client-side and server-side connections. With the second and third tests it shows the self IP on the server-side connection.
(tmos) show sys connection cs-server-addr 192.168.192.10 all-properties
Thanks a lot for the help, Steve.
One last question:
Why is it not working with the first test, and why is it working with the second test?
Is it okay to enable snat only at pool level? No need on the VIP side?
- What_Lies_Bene1
Cirrostratus
Ah good. You're welcome.
If you haven't specifically configured SNAT somewhere on the device then simply enabling it should NOT result in SNATting. Your second test should have failed. If it didn't then I would suspect an existing connection was reused. Perhaps test again and double-check snat automap is off and it's a brand new connection.
- A__N_5261
Nimbostratus
Hi Steve,
Everything is working now. Thanks.
One question: why does the pool config have an option for "SNAT Enable"? What is the use of it?
Thanks & Regards
A.N