Forum Discussion
SNAT/NAT does not work. It changes src and dst ports
Hello guys.
Just applied an SNAT to translate the whole 10.0.0.0/8 network to a SNAT pool composed of three public IPs from three ISPs. It works really fine because any user from the inside net gets one IP for navigation. Great..! But I need a unique server 10.1.x.x/32 to reach the Internet by using another IP different from the SNAT pool. It is simple, I thought when creating the SNAT. But unfortunately, it does not work because the BIG-IP changes the ports and there is the IP translation, but no real traffic (payload). I also tried with a NAT, but got the same results.
Here is the capture. I have completely erased the SNAT IP and partially erased the private IP and the destination.
Thanks!
4 Replies
- Domai
Altostratus
Can you provide both the SNAT pool configs? This is how I would do it: copy the config to a notepad, then do a find/replace and sanitize the IPs, using dummy ones. So what you are saying is the first pool works fine and the 2nd SNAT pool does not? If BIG-IP changes ports, it would store it in its routing table and will change it back, unless I am missing something here.
- Vitaliy_Savrans
Nacreous
Hi, maybe it doesn't work because of IP address overlapping. Try to exclude 10.1.x.x/32 from 10.0.0.0/8.
- What_Lies_Bene1
Cirrostratus
Can you show us the CLI output of the SNAT configurations please? The most specific SNAT should be used.
You mean only the source port changes, right?
- LuisPuma_134788
Altostratus
Hello friends,
I am sending the configuration of the SNAT lists and SNAT pools. Besides changing the ports, the F5 is not matching the more specific SNAT as expected. The F5 is matching the 10.1.190.20 with one IP of the global SNAT.

[root@ns2:Active:Changes Pending] ~ tmsh list /ltm SNAT
ltm snat SNAT_Network10 {
    origins {
        10.0.0.0/8 { }
    }
    snatpool /Common/pool_SNAT_Network10
}
ltm snat snat-vpn-ipsec {
    origins {
        10.1.190.20/32 { }
    }
    translation /Common/200.200.200.30
ltm snatpool pool_SNAT_Red10 {
    members {
        100.100.100.20
        200.200.200.20
        250.250.250.20
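
An added example, not part of any post in this thread and not F5 code: it parses `ltm snat` stanzas in the layout shown above and lists which SNAT origins cover a given source address, most specific first, so the 10.0.0.0/8 versus 10.1.190.20/32 overlap can be checked offline. The sample config is constructed from the posted objects with the braces closed, and the ordering is plain longest-prefix matching, an assumption that follows the "most specific SNAT" reply rather than documented BIG-IP behaviour.

```python
import ipaddress
import re

# Constructed sample modelled on the SNAT objects posted in the thread, with
# braces closed (the posted output is cut off). Addresses are the sanitized ones.
SAMPLE = """
ltm snat SNAT_Network10 {
    origins {
        10.0.0.0/8 { }
    }
    snatpool /Common/pool_SNAT_Network10
}
ltm snat snat-vpn-ipsec {
    origins {
        10.1.190.20/32 { }
    }
    translation /Common/200.200.200.30
}
"""

def parse_snats(text):
    """Return {snat_name: {"origins": [ip_network, ...], "target": str}}."""
    snats, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"ltm snat (\S+) \{", line)
        if m:
            current = snats.setdefault(m.group(1), {"origins": [], "target": None})
            continue
        if line.startswith("ltm "):      # another object type, e.g. ltm snatpool
            current = None
        if current is None:
            continue
        m = re.match(r"(\d+\.\d+\.\d+\.\d+/\d+) \{", line)
        if m:
            current["origins"].append(ipaddress.ip_network(m.group(1)))
        m = re.match(r"(snatpool|translation) (\S+)", line)
        if m:
            current["target"] = m.group(2)
    return snats

def candidates(snats, source):
    """SNATs whose origins contain `source`, longest prefix (most specific) first."""
    addr = ipaddress.ip_address(source)
    hits = [(net.prefixlen, name, cfg["target"])
            for name, cfg in snats.items()
            for net in cfg["origins"] if addr in net]
    return [(name, target) for _, name, target in sorted(hits, reverse=True)]
```

If the first entry returned for the server's address is not the SNAT you expect to apply, the overlap is in the configuration itself rather than in how the device selects between the objects.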