Forum Discussion
SNAT Routing with Routing Domains
I have a test Big-IP setup in an attempt to consolidate NATs and SNATs from several different VLANs onto one device. I set up route domains for each externally accessible VLAN and I'm testing a SNAT to establish communication between a server on a branch office private network and a customer site via a private company network and the internet:
```
Office Private Network          Company Private Network     Internet             Customer
192.168.100.107 (server) -----> 10.90.58.84 (SNAT) -------> (Public NAT) ------> 189.189.189.189 (Destination Server)
```
That connection only works if I use a specific, static route for the customer's IP address, but I'd like the Big-IP to use the predefined routes I set up for each route domain. The SNAT is set up as:
Translation IP Address: 10.90.58.84%58
Origin Address List: 192.168.100.107
Here's my setup:
Route Domains:
| Name | ID | Description | Parent Name | VLAN | Partition |
|---|---|---|---|---|---|
| 0 | 0 | Default | | mgmt, scomm, http-tunnel, socks-tunnel | Common |
| RD.48 | 48 | | | VLAN.48 | Common |
| RD.50 | 50 | | | VLAN.50 | Common |
| RD.58 | 58 | | | VLAN.58 | Common |
Self IPs:
| Name | IP Address | Netmask | VLAN | Traffic Group | Partition |
|---|---|---|---|---|---|
| 48_self | 10.90.48.15%48 | 255.255.255.0 | VLAN.48 | traffic-group-local-only | Common |
| 50_self | 10.90.50.15%50 | 255.255.255.0 | VLAN.50 | traffic-group-local-only | Common |
| 58_self | 10.90.58.12%58 | 255.255.255.0 | VLAN.58 | traffic-group-local-only | Common |
| scomm | 192.168.100.10 | 255.255.255.0 | scomm | traffic-group-local-only | Common |
| MGMT | 172.16.10.25 | 255.255.255.0 | mgmt | traffic-group-local-only | Common |
Routes:
Default
Destination 0.0.0.0
Netmask 0.0.0.0
Gateway Address: 10.90.48.1%48
RD.48_Default
Destination 0.0.0.0%48
Netmask 0.0.0.0
Gateway Address: 10.90.48.1%48
RD.50_Default
Destination 0.0.0.0%50
Netmask 0.0.0.0
Gateway Address: 10.90.50.1%50
RD.58_Default
Destination 0.0.0.0%58
Netmask 0.0.0.0
Gateway Address: 10.90.58.1%58
Any glaring errors in my setup?
2 Replies
- Jason0
Nimbostratus
Also, when I test connectivity via ping w/o a specific route, I receive an error "destination net prohibited".
- JC_175780
Nimbostratus
I have the same issue. When all else is equal, my NAT works with route domains, but my SNAT does not. Pings thru NAT are fine. Pings thru SNAT return "Destination Net Prohibited".
