Forum Discussion
Source NAT on VS restricting to specific interfaces only.
Hi,
I have a BIG-IP with a bunch of interfaces, external, 10 x internal ones & a mgmt. I use an ip forwarding VS with SNAT to get out to the internet from the internal interfaces with a public NAT. However I want to route directly between the internal interfaces and the mgmt interface without NAT. I have added the relevant routing ok but the issue I have is that the F5 NATs the traffic to the mgmt network with the external ip.
I tried adding a more specific forwarding VS from the internal interfaces to the mgmt interface but it broke the outbound one. Is there a way to have a SNAT VS from a source of subnet (which includes all the internal interfaces subnets) to a dest of 0.0.0.0/0 but for it to exclude the traffic destined for the mgmt interface?
NOTE THIS IS NOT THE F5 mgmt interface it's just called 'mgmt'
Thanks Pete.
- Leonardo_Souza
Cirrocumulus
You have to configure a forward virtual server with 0.0.0.0, and a more specific one with the mgmt network as destination. Make sure you enable the virtual servers only in the internal networks.
This solution explains how the precedence works for virtual servers:
https://support.f5.com/csp/article/K14800
Just to provide the complete picture, this one explains all listeners:
https://support.f5.com/csp/article/K9038
You said you tried to create a more specific virtual server, and it did not work. Review the solutions and try again. Post the configuration of your virtual servers here in case it does not work.
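Added example (not part of the original reply, and not F5 code): a simplified Python model of the two-listener layout described above, showing why traffic to the mgmt network lands on the no-SNAT forwarding virtual server while everything else still gets SNAT. It assumes selection by longest destination prefix among virtual servers enabled on the ingress VLAN only; the names, VLANs and subnets are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ForwardingVS:
    name: str
    destination: str   # destination network the listener matches
    vlans: frozenset   # VLANs the virtual server is enabled on
    snat: bool         # True = source address translation is applied


# Constructed configuration: every name and subnet here is a placeholder.
INTERNAL = frozenset({"internal1", "internal2"})
VIRTUALS = [
    ForwardingVS("fwd_internet", "0.0.0.0/0", INTERNAL, snat=True),
    ForwardingVS("fwd_mgmt", "10.99.0.0/24", INTERNAL, snat=False),
]


def select_vs(dst_ip, ingress_vlan, virtuals=VIRTUALS):
    """Return the matching VS with the longest destination prefix, or None."""
    dst = ipaddress.ip_address(dst_ip)
    candidates = [
        vs for vs in virtuals
        if ingress_vlan in vs.vlans
        and dst in ipaddress.ip_network(vs.destination)
    ]
    if not candidates:
        return None
    return max(candidates,
               key=lambda vs: ipaddress.ip_network(vs.destination).prefixlen)


def describe(dst_ip, ingress_vlan):
    """Human-readable result: which listener handles the flow, and SNAT or not."""
    vs = select_vs(dst_ip, ingress_vlan)
    if vs is None:
        return "no listener"
    return f"{vs.name} ({'SNAT' if vs.snat else 'no SNAT'})"


if __name__ == "__main__":
    flows = [("10.99.0.20", "internal1"),    # internal -> mgmt network
             ("198.51.100.7", "internal2"),  # internal -> internet
             ("10.99.0.20", "external")]     # arrives on a VLAN with no VS enabled
    for dst, vlan in flows:
        print(f"{vlan:>9} -> {dst:<13} {describe(dst, vlan)}")
```

The model ignores source address and port, which K14800 also lists as part of the precedence rules.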