Forum Discussion
SNAT List (outbound SNAT) address translation problem
Hi all,
I am facing a strange issue with a SNAT list. I have a few SMTP servers configured in a SNAT list to replace their original source IP with a specific IP for Internet-bound connections. I have created a new LB network where Big-IP is the default gw and placed a few new SMTP servers on that new network. I have added the new servers to the existing SNAT list so the source IP looks the same externally. When I try to ping my servers (internally) on the new network, I get replies from the translation IP I am using in the SNAT list. However, when I ping a server on the old network, I get replies from the original IP of the servers. Both networks are configured the same with Big-IP as the default gateway, and both live on the same ESX cluster. All server IPs are in the same SNAT list. Also, if I move the new servers to the old network, I get ping replies from the server's IP. Any idea what can be going on here? How does a SNAT list identify when to translate the source IP and when not to?
1 Reply
- alex100
Cirrostratus
OK. Looks like I have it figured out. Seems like a routing-related issue. After examining routing paths this morning, I noticed that traffic destined for the new network was traversing the firewall, while traffic destined for the old network was sent directly to the Big-IP interface. Still not sure if the firewall was altering my packets or if it relates to forward and return traffic taking different paths. My understanding is that the SNAT listener alters the source IP only for outbound connections originated from the hosts on the network behind Big-IP as they traverse through the gateway. However, when a host behind Big-IP sends a reply to an inbound connection, the listener on the gateway knows that and preserves the original IP. I could be off in my theory, but after fixing the routing everything is working as expected.
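The asymmetric-path explanation in the reply above, sketched as a simplified stateful source-NAT model. This is an added example, not part of the original thread and not F5's implementation; the `Gateway` class, the function names and all addresses are constructed for illustration.

```python
# Simplified model of a stateful source-NAT gateway (an assumption for
# illustration; not BIG-IP's implementation). All addresses are constructed.
SNAT_ORIGINS = {"10.1.1.10", "10.2.2.10"}   # servers in the SNAT list
TRANSLATION_IP = "192.0.2.25"               # shared translation address


class Gateway:
    def __init__(self):
        self.flows = set()  # (client, server) pairs the gateway saw inbound

    def inbound(self, client, server):
        """A request passes through the gateway on its way to a server."""
        self.flows.add((client, server))

    def outbound(self, server, client):
        """Return the source IP the client sees on a packet leaving a server."""
        if (client, server) in self.flows:
            return server            # reply to a tracked flow: source kept
        if server in SNAT_ORIGINS:
            return TRANSLATION_IP    # untracked, so treated as a new outbound flow
        return server


def ping(gw, client, server, request_via_gateway):
    """Model one echo request/reply. The reply always leaves via the gateway
    because the gateway is the server's default route."""
    if request_via_gateway:
        gw.inbound(client, server)
    return gw.outbound(server, client)


def demo():
    gw = Gateway()
    client = "10.9.9.5"
    # Old network: request and reply both cross the gateway.
    symmetric = ping(gw, client, "10.1.1.10", request_via_gateway=True)
    # New network: request arrives through a firewall, bypassing the gateway.
    asymmetric = ping(gw, client, "10.2.2.10", request_via_gateway=False)
    return symmetric, asymmetric


if __name__ == "__main__":
    print(demo())
```

When the observed reply source is the translation address for an internal client, comparing the forward and return paths (for example with a traceroute from each side) shows whether the request bypassed the gateway.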