Virtual Server

Hello,

I think you don't have to create the definition of SNAT or Automap necessary. It's depend on the requirement of source address translation.

regards,

Hi Ko,

Here is the configuration

ltm virtual V_Example-80 {

destination 15.16.20.8:http
ip-protocol tcp
mask 255.255.255.255
persist {
    PRS_COOKIE {
        default yes
    }
}
pool P_Example-80
profiles {
    PRF_GZIP { }
    PRF_HTTP { }
    PRF_ONECONNECT { }
    tcp-lan-optimized {
        context serverside
    }
    tcp-wan-optimized {
        context clientside
    }
}
rules {
    R_REDIRECT_TO_LOGIN
    R_HTTPONLY_COOKIE
    R_REPLACE_HTTP_HTTPS_REDIRECT_HEADER
    R_SECURE_COOKIE
    R_HTTP_REDIRECT_TO_HTTPS
}
vlans {
    example-test-d-fw-inside
}
vlans-enabled

}

When i set SNAT to > Non it's not working. when i set SNAT > Automap. it's accesable internet.

will you please look in to this.user trying to access Services from internet. from outside.

Regards

Dannofrd

I think it will help you Configuring SNATs

Dannofrd,

SNAT (or Secure NAT) is, in essence, Source Address Translation. You only need to use it when you need to change the Source address from the client's true source IP address to something else, for whatever reason.

Usual scenarios for SNAT are when you want to ensure traffic from the server goes back via the f5, in case it's normal default route is not the f5 and it can talk back to the client some other way. This would cause traffic failures.

Also, if you're accessing internet resources, which I believe you are, then you will need to use SNAT as the internal IP address of a client may be a private IP (rfc 1918), ie non-routable on the internet and you need to translate it behind a routable address.

SNAT Automap uses the IP address of the egress interface (floating if in a pair). You could also specific you're own SNAT addresses (on the same subnet) and use these instead.

Hope this helps,

N