F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Warren_A__97345's avatar
Warren_A__97345
Icon for Nimbostratus rankNimbostratus
Nov 24, 2009

Traffic Routing with out a Snat ?

Greetings everyone.     I am setting up a pair of HA F5s for my datacenter and I have a problem with IP preservation and I was hoping someone could shed some light on this topic for me. ...
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Nov 24, 2009
Hi Warren,

 

 

Try checking SOL7229 for details on configuring a forwarding virtual server for admin access. You could enable SNAT on that and restrict who can connect to the forwarding VIP by VLAN or by IP/subnet using iRules or packet filters.

 

 

SOL7229: Methods of gaining administrative access to nodes through the BIG-IP system

 

https://support.f5.com/kb/en-us/solutions/public/7000/200/sol7229.html

 

 

Also, in terms of support, you might still be able to install 9.3.1 if your service check date is after the 9.3.1 release date even without an active support contract. You could open a case with F5 Support to see if upgrading to 9.3.1 is an option.

 

 

As for the self IP question, you should only need one floating self IP per VLAN (unless you have a lot of SNAT traffic and are seeing/concerned about port exhaustion--which shouldn't be a problem in your scenario if you're not using SNAT for most connections).

 

 

Aaron