Source Nat Based on ISP

Employee

Jan 07, 2012

can you try something like this? please make sure you have route for snatpool addresses back to f5 on isp routers.

[root@ve1023:Active] config  b virtual bar list
virtual bar {
   pool gateway
   destination any:any
   mask 0.0.0.0
   rules myrule
   persist dest_addr
}
[root@ve1023:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}
[root@ve1023:Active] config  b snatpool pool1 list
snatpool pool1 {
   members 1.1.1.1
}
[root@ve1023:Active] config  b snatpool pool2 list
snatpool pool2 {
   members 2.2.2.2
}
[root@ve1023:Active] config  b snat translation 1.1.1.1 list all
snat translation 1.1.1.1 {
   enable
   limit 0
   tcp timeout indefinite
   udp timeout indefinite
   ip timeout indefinite
   arp enable
   unit 1
   partition Common
}
[root@ve1023:Active] config  b snat translation 2.2.2.2 list all
snat translation 2.2.2.2 {
   enable
   limit 0
   tcp timeout indefinite
   udp timeout indefinite
   ip timeout indefinite
   arp enable
   unit 1
   partition Common
}
[root@ve1023:Active] config  b rule myrule list
rule myrule {
   when LB_SELECTED {
        switch [LB::server addr] {
                "172.28.19.253" { snatpool pool1 }
                "172.28.19.254" { snatpool pool2 }
        }
}
}

[root@ve1023:Active] config  b arp|grep -i 172.28.19
ARP 172.28.19.253 - 00:50:56:B3:03:7F   VLAN external   expire 114s   resolved
ARP 172.28.19.254 - 00:01:E8:D5:D4:47   VLAN external   expire 152s   resolved

[root@ve1023:Active] config  tcpdump -e -nni 0.0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
09:22:15.139645 00:50:56:b3:01:0b > 00:50:56:b3:01:0a, ethertype 802.1Q (0x8100), length 78: vlan 4093, p 0, ethertype IPv4, 200.200.200.101.44085 > 8.8.8.8.80: S 3607310868:3607310868(0) win 5840 
09:22:15.139752 00:50:56:b3:00:b5 > 00:50:56:b3:03:7f, ethertype 802.1Q (0x8100), length 78: vlan 4094, p 0, ethertype IPv4, 1.1.1.1.44085 > 8.8.8.8.80: S 3607310868:3607310868(0) win 5840 

[root@ve1023:Active] config  tcpdump -e -nni 0.0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
09:23:07.224591 00:50:56:b3:01:0b > 00:50:56:b3:01:0a, ethertype 802.1Q (0x8100), length 78: vlan 4093, p 0, ethertype IPv4, 200.200.200.101.52668 > 9.9.9.9.80: S 3931052886:3931052886(0) win 5840 
09:23:07.224700 00:50:56:b3:00:b5 > 00:01:e8:d5:d4:47, ethertype 802.1Q (0x8100), length 78: vlan 4094, p 0, ethertype IPv4, 2.2.2.2.52668 > 9.9.9.9.80: S 3931052886:3931052886(0) win 5840 

[root@ve1023:Active] config  b persist show all
PERSISTENT CONNECTIONS
|     Mode dest addr   Value 8.8.8.8
|        virtual any:any   node 172.28.19.253   age 76sec
|     Mode dest addr   Value 9.9.9.9
|        virtual any:any   node 172.28.19.254   age 27sec

Forum Discussion

Source Nat Based on ISP

Jeff - May 2026 Featured F5er

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

Recent Discussions

certitcate error

Layered ASM for APM login page protection

migrate from serie I to R. Cluster LTM-GTM

APM URL encoding Hardening?

Trial License for F5 virtual edition in eve-ng

Related Content

Restsh is now available under an Open Source license!

Generic iRule based on datagroup parsing

BIG-IP AFM設定例-NAT

Source IP Based Pool Routing

F5 Distributed Cloud - Traffic Steering based on Client IP Address

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS