Forum Discussion

Kleython_Kell_5's avatar
Kleython_Kell_5
Icon for Nimbostratus rankNimbostratus
May 29, 2012

SNAT/NAT and outgoing just for one Link

Hello, good morning

 

 

 

If someone can help me with the doubts below, thanks a lot:

 

 

 

I have the scanario below:

 

 

 

Particular external IP : 200.200.200.200

 

 

 

Particular internal Ips:

 

10.10.10.1

 

10.10.10.2

 

10.10.10.3

 

 

 

I have 5 links: ( there is one vlan to each LINK, with the associate interface )

 

Link A

 

Link B

 

Link C

 

Link D

 

Link E

 

 

 

for example

 

 

 

I need that all from origin 10.10.10.1 translate to ip 200.200.200.200 but just using one link. Like C for example.

 

 

 

I created one nat, with orig 10.10.10.1 , translate 200.200.200.200

 

 

 

the nat function ok, but its balancing, outgoing for all 5 links

 

 

 

The problem is: I have 5 links. I need that this Outgoing's from origine 10.10.10.1 ( dmz ) that is translate to 200.200.200.200 out just for one specific link. Not balanced.

 

 

 

can you help me with this ?

 

 

 

thanks a lot

 

 

 

att

 

Kleython Kell

 

config
design
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    May 31, 2012
    Hi Kleython,

    Do you want to route anything from 10.10.10.1 - .3 out one VLAN using a specific TMM source address? If not, can you clarify the scenario?

    If so, you could create a pool containing the router, an address type data group (specific_router_pool for example) containing the specific client IPs (specific_clients_dg for example) and use an iRule like this: 

    
when CLIENT_ACCEPTED {
if {[class match [IP::client_addr] equals specific_clients_dg]}{
pool specific_router_pool
}
}

    Aaron
  • Kleython_Kell_5's avatar
    Kleython_Kell_5
    Icon for Nimbostratus rankNimbostratus
    May 31, 2012
    Hoolio, in your example, missed the snat, but I get success with the irule below:

     

     

    when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 192.168.0.101] } {

     

    snat 192.168.11.5

     

    pool default_gw_linkespecifico

     

    }

     

    else {

     

    pool Default_gw

     

    }

     

    }

     

     

    but, is there some way to do this, without use irule?

     

     

    thanks

     

  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    May 31, 2012
    missed the snat

     

     

    Oops! :)

     

     

    but, is there some way to do this, without use irule?

     

     

    You could do this with a virtual server if you wanted to base the source matching on a VLAN instead of a set of client IP addresses by creating an IP forwarding VS enabled only on the client VLAN which has a SNAT pool containing the source IP addres(es) and a pool containing the gateway. But if you need to match on client IP addresses you'll need to use an iRule.

     

     

    Aaron