For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

roracz's avatar
roracz
Icon for Nimbostratus rankNimbostratus
Jun 01, 2018

SNAT Pool members from directly connected network

Hi, In SNAT Pool creation manual we can read: 4. For the Member List setting: a. In the IP Address field, type an IP address. The BIG-IP system uses this address as a SNAT translation ...
application delivery
LTM
youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
Jun 01, 2018

Hi,

 

As you told, you use addresses from directly connected egress vlans.

 

  • cluster you will use floating.
  • standalone you will use self directly connected egress vlans.

When you create a snat pool you have to pay attention about following point:

 

  • even if you don't use your snat pool (attach snat to vs), F5 answers the ARP queries for that IP address. So don't use an IP that already use (This address must NOT be on a directly-connected network), you risk having an IP conflict...

     

  • snat pool is an failover object, if you have an cluster and it occur a failover, SNAT IP will failover to and new device active will send gratuitous arp including your IP snat pool.

     

So overall (This address must NOT be on a directly-connected network) this sentense means that you have to be carefull to not Use an existing IP. under threat of having IP conflict problems...

 

Hope it's clear.

 

regards,