For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Felipe_Nogueira's avatar
Felipe_Nogueira
Icon for Nimbostratus rankNimbostratus
Feb 22, 2011

Subnet configuration for Snat Pool/Snat

Hi,     I need to configure an Snat Pool and Snat to translate a whole subnet including the network address and broadcast address the external networks are 200.166.92.128/25 and 201.15.234.128/2...
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Feb 22, 2011
Hi Felipe,

You'd need to use an iRule for this. You could basically check in CLIENT_ACCEPTED to see if the client IP (IP::client_addr) is in a datagroup of source IP address/networks to SNAT. You could then apply the SNAT using logic like this: 

when CLIENT_ACCPTED {

    Check if client IP is in address datagroup of allowed source addresses
   if { [class match [IP::client_addr] equals allowed_snat_clients_class] }{

       Take the last octet of the client IP and use that for the SNAT address
      snat "172.23.180.[getfield [IP::client_addr] . 4]"
   }
}

Note that you don't need to define any SNAT object to use this iRule.

Aaron