Forum Discussion

Altostratus

Aug 27, 2008

Using NAT and SNAT at the same time

Customer have setup like this. They have VS that act like reverse proxy. The backend servers for these VS are not located in their network. They have internal servers, located behind BIG-IP, that need...

config

design

hoolio

Cirrostratus

Aug 28, 2008

I don't think there is a way to apply/disable a NAT from an iRule. However, the behavior you're seeing is expected assuming the destination IP matches a VIP with SNAT enabled:

SOL9039: A virtual server with a SNAT pool takes precedence over matching the NAT (Click here)

I try to avoid NATs altogether. VIPs and SNATs should give you better functionality, including more control over which source and destination hosts are able to communicate directly. You can get some ideas on allowing admin access from SOL7229:

SOL7229: Methods of gaining administrative access to nodes through the BIG-IP system (Click here)

You can take a similar approach for allowing the nodes to access external hosts.

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Using NAT and SNAT at the same time

F5 Academies Are Back – And We’re Coming to a City Near You

Introducing the F5 Application Study Tool (AST)

Recent Discussions

Question regarding F5 Viprion Configuration Migration to VE.

Mutual TSL Between Two BigIPs

Big-Ip Edge Client specials characters problems

Which encyrtion algorithm is used when making Kerberos ticket encyrtion.

iControl for Gtm wideip

Related Content

Migrating between sites using stretched VLANs

Using bash and tmsh to make bulk updates

Understanding SNAT

Selective SNAT

Using Tcl packages in iRules

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS