Forum Discussion
Srikar
Altostratus
AltostratusUnderstanding SNAT
SNAT pool is configured but source translation is set to None on Virtual Server and there is a pool attached to it which has Allow SNAT as yes? Does translation happens in this case when client send...
Yes, if you have such configuration as this is outside the F5 Virtual servers (VIP) configuration and it works for all traffic matching this SNAT object. The idea is if you want to use the F5 devices just as NAT/SNAT devices without load balancing, you use those objects. You read the article below on how this is done:
https://support.f5.com/csp/article/K47945399
Please also read this as if you have VIP with snat pool or auto map and NAT and SNAT separate objects the VIP SNAT config takes priority over the NAT and SNAT objects. If the VIP does not do source translation then if there are matching NAT and SNAT objects, they are used as the NAT has higher priority than the SNAT. If there is no NAT object and the VIP does not do translation, then the SNAT is used.
https://support.f5.com/csp/article/K9038
To add a bit of clarification, when a packet arrives on the BIG-IP system, and the destination IP address in the packet matches both a host virtual server's Destination Address and a NAT's NAT Address, the virtual server is selected over the NAT (assuming the packet also matches the virtual server's other configuration settings, such as Destination Port, Source Address, and Protocol). Once the host virtual server is selected to process the packet though, nothing in the matching NAT's configuration applies to that traffic. However, if the virtual server's Source Address Translation option is set to None and the source IP address in the packet matches a separate SNAT "listener" object's Origin setting, the system will translate the source IP address for the server-side connection using the SNAT's translation settings. Such a SNAT listener object can be configured in the GUI at Local Traffic > Address Translation : SNAT List.