Forum Discussion

Pierrejn's avatar
Pierrejn
Icon for Nimbostratus rankNimbostratus
Apr 13, 2017

Using SNAT

Quick question for anyone out there. Is it possible to use SNAT to take an outside address and mask it when it comes inside?

 

outside <--> F5 <--> SNAT address talks to inside server

 

application delivery
BIG-IP
LTM
  • dragonflymr's avatar
    dragonflymr
    Icon for Cirrostratus rankCirrostratus
    Apr 13, 2017

    Hi,

     

    It is possible but rather unusual. Assuming that server behind BIG-IP is in 192.168.1.0/24 subnet you need to set SNAT:

     

    Translation: IP from 192.168.1.0/24 or Automap (will use SelfIP in this subnet) Origin: Depends what IPs should have access to this internal subnet (can be All IP4/IP6 or some specific ranges)

     

    Then on upstream device you need to define route to subnet 192.168.1.0/24 (or some smaller range) pointing to BIG-IP selfIP on ext VLAN.

     

    Quite cumbersome and weak on security, but possible.

     

    Piotr

     

  • Hectorm's avatar
    Hectorm
    Icon for Nimbostratus rankNimbostratus
    Apr 13, 2017

    First Create the SNAT POOL GO to Local taffic/address translation/SNAT pool Click Create Put the name of the INTERNAL_SNAT_PL IP ADDRESS : ENTER THE ip ADDRESS AND CLICK ADD- REPEAT FOR EACH ip ADDRESS

     

    CLICK FINISH CREATE A POOL FOR THE VIRTUAL SERVER

     

    CREATE A VIRTUAL SERVER NAME THE SERVER ENTER THE IP ADDRESS OF THE SERVER (EXTERNAL ip ADDRESS) TO ENABLE THE SNAT POOL UNDER THE CONFIGURATION FOR THE VIRTUAL SERVER THERE IS SOURCE ADDRESS TRANSLATION DROP DOWN MENU. SELECT SNAT AND THEN SNAT DROP MENU APPEAR BELOW. SELECT THE SNAP POOL YOU CREATE INTERNAL_SNAT_PL NOW THE VIRTUAL SERVER IS USING THE SNAT POOL. HOPE THIS HELP

     

  • Kevin_Davies_40's avatar
    Kevin_Davies_40
    Icon for Nacreous rankNacreous
    Apr 14, 2017

    Have you configured a floating IP address? If not, suggest you do so. Then in your virtual server under source address translation turn on Automap.