Forum Discussion
SNAT Preserve-Strict not working with two different source addresses
Hi everybody. I have a BIG IP LTM 4000s 12.0 and the following issue.
I have an endpoint (EP) that needs to receive packets from a determined IPv6 address (IPXX) and source port (SrcPortYY), otherwise, it will not respond to it.
I have two servers (A and B) that send packets destined to this endpoint through a BIG IP. I configured a SNAT to translate to IPXX address when it receives either from A or B and also to Preserve-Strict the source port it receives.
When I send packets first from A to EP, the BIG-IP translates the source address correctly to IPXX, keeps the source port SrcPortYY and everything works fine. But when I start to send from B to EP and still sending from A, that translation fails and keep translating only the packets that it first received from A.
Any ideas? Thanks!
Example:
Start sending from A
A:SrcPortYY > EP:DstPort --> Original packet
IPXX:SrcPortYY > EP:DstPort --> Translated packet OK
A:SrcPortYY > EP:DstPort --> Original packet
IPXX:SrcPortYY > EP:DstPort --> Translated packet OK
Start sending from B and still sending from A
B:SrcPortYY > EP:DstPort --> Original packet and no translation
A:SrcPortYY > EP:DstPort --> Original packet IPXX:SrcPortYY > EP:DstPort --> Translated packet OK
B:SrcPortYY > EP:DstPort --> Original packet and no translation
A:SrcPortYY > EP:DstPort --> Original packet
IPXX:SrcPortYY > EP:DstPort --> Translated packet OK
- Srini_87152Cirrostratus
- AndreMello_3453Nimbostratus
Thanks, Srini. But I guess that this article is oriented to SNAT behavior regarding Virtual Servers, i.e., ingress connections to the VS. My problem is related to egress connections treated by SNAT in the SNAT List.
AM
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com