Source NAT

Question

I have a virtual server with 2 real servers. As I am enabling SNAT I see the connections are not successful. Without SNAT it works well. I have chosen VIP as NAt IP. In pool setting Allow NAT is checked.&nbsp;
I have checked routing. Is there anything I am missing here?&nbsp;

kevin_stewart · Answer

Both "Allow NAT" and "Allow SNAT" should be enabled/checked in the pool config. What do you mean by "I have chosen VIP as NAt IP"? A SNAT should use an address, a self-IP address if using automap, that is in the same subnet as the real server (or at least an address that the real server can route back to). With SNAT automap enabled, run a TCPDUMP capture:
tcpdump -lnni 0.0 [additional filters]

where [additional filters] is anything you may need to focus in on specific traffic (ex. port 80 and host x.x.x.x and host x.x.x.x). What you want to see is client traffic arriving at the VIP - source address is the client's IP and destination in the VIP's IP. Then (again with SNAT automap applied) traffic arriving at the server - source address is the internal self-IP of the F5 and destination is the server's IP. With that you should see response traffic flow back the same direction it came.

Forum Discussion

Source NAT

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Same LTM Monitor applied to different Pools with Common Nodes

irule execution error

F5 AWAF/ASM learning only from Trusted traffic?

OWA File Upload URIs for WAF Bypass

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

Related Content

BIG-IP AFM設定例-NAT

Phishing, Malware, Breach and Open-Source Security

The Power of Source Address

iControl Library For Java With Source

NAT for specific IPs

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS