F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

George_33482's avatar
George_33482
Icon for Nimbostratus rankNimbostratus
Dec 14, 2011

Snat on the egress interface + vpn connection

Hi all,     I have a LTM + LC and i am load balancing 2 ISP, and i have ASA (behind LC) which terminate a VPN. I want to perform Snat on the egres interface on the F5. Using automap do not hel...
config
design
HW_36020's avatar
HW_36020
Icon for Nimbostratus rankNimbostratus
Dec 14, 2011
George

 

 

I have done something similar with a IpSec tunnel on my new v11 LTM that terminates the IPSec VPN and have another LTM behind it that NATS the traffic before it enters the tunnel. The way I have done this is created a VS on my downstream LTM that listens for the traffic on x.x.x.x:any with a custom SNAT pool.The custom SNAT pool ( ISP1_outbound) only contains the NAT address y.y.y.y for egress to the IPSec tunnel on my upstream LTM. This forces the traffic to be NAT'ed before it hits the upstream LTM and enters the tunnel so that the tunnel knows it is to be sent to the opposite peer gateway using ESP.

 

 

hope this helps.