Forum Discussion

tolinrome_13817's avatar
tolinrome_13817
Icon for Nimbostratus rankNimbostratus
Feb 11, 2014

snat vs automap, whats the difference?

I'm trying to see the difference between the snat and automap for the Source Address Translation option.   Currently I have traffic coming in to the F5 using automap. What though specifically doe...
application delivery
design
management
security
JRahm_128324's avatar
JRahm_128324
Historic F5 Account
Feb 11, 2014

snat automap uses the egress vlan interface ip. by establishing a snat pool, and attaching, you can control what IP this translates to.

 

For the Client->F5->Server, consider these scenarios:

 

  1. Routed, client source address goes to the server. Routes necessary back through BIG-IP on servers or servers gw

     

  2. Snat Automap, client source is managed on BIG-IP, source is translated to self IP on egress interface heading toward servers. For servers needing source IP for reporting or decision processes, must insert in an application header or possibly in tcp options.

     

  3. Snat Pool, client source is still managed on BIG-IP, but source is translated to an IP you configure and attach to the virtual server. I like this option because I can map external IP -> internal IP by application so I know what flows belong to what application on the inside of the organization/dmz as appropriate. If traffic isn't necessary to come back through the BIG-IP, can also snat to the original client's source IP.