Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

smp_86112's avatar
smp_86112
Icon for Cirrostratus rankCirrostratus
Oct 28, 2009

SNAT to designated Pool Members without iRule

I know this is asking a lot...     Consider a pool with two pool members. One member is in a LTM VLAN, and another is not. If I envision this correctly in my head, forwarding will fail to t...
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Oct 28, 2009
Hi Scott,

 

 

I think you'll need an iRule as the SNAT configuration you can add to a virtual server doesn't allow you to enable SNAT based on destination IP addresses/subnets.

 

 

A selective SNAT iRule should be relatively low overhead and provide the functionality you're needing without having to explicitly define which pool members need SNAT and which ones don't:

 

 

http://devcentral.f5.com/wiki/default.aspx/iRules/SelectiveSNAT.html

 

 

You could try adapting this to check if the LB::server addr is not in the same subnet as the self IP address that will be used to SNAT the request. You'd probably need to hardcode this subnet in the iRule.

 

 

Aaron