Forum Discussion

vj_singh_177738's avatar
vj_singh_177738
Icon for Nimbostratus rankNimbostratus
Jan 15, 2015

why do we use snat pool list

In my environment.. we are doing snat, In address translation in 11.4 public to private IP address and using address range. and using snat pool list also. where we are using private IP address which ...
vj_singh_177738's avatar
vj_singh_177738
Icon for Nimbostratus rankNimbostratus
Feb 02, 2015

Thank you stepphan for your answer!

 

But did not understand requirement of creating snat list and snat pool for same customer. An entry is created in snat list for 12.10.112.x private subnet range of our servers (10.1.1.0/29) in address list.

 

And an entry in snat pool list for IP 12.10.112.x with a different IP address (10.0.11.x) in VIP snat pool is called. Not able to understand requirement of both. because when I delete snat list addressed the also it works. is there a real need of configuring both snat list or snat pool. In which case it is required to configure both. Sorry for asking it again but I am very much confused here.

 

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Feb 02, 2015
    No need for both, depending on your requirements of course. A snat pool is signed to a VIP and will do source address transmission on traffic using the VIP. If u just want to allow traffic through the bigip without a virtual server and to nating then a snat list will help here.
  • StephanManthey's avatar
    StephanManthey
    Icon for Nacreous rankNacreous
    Feb 02, 2015
    Hi vj_singh, there is no need for "SNAT List" object configurations (aka Default SNAT) in most environments. Using a "SNATpool List" object instead (perhaps just with a single address) or just SNAT AutoMap works well in most environments and give you much better control. If you have a SNATpool object defined and apply it via direct mapping on a virtual server or via an iRule it will be fine. No more need for a "SNAT List" configuration. Whenever you configure a "SNAT List" object or "SNATpool List" object a new entry will show up in the "SNAT Translation List". It will show the IP addresses to be used for SNAT purposes and allows you to configure protocol specific timeouts. It is recommended, to modify the default values ("indefinite") to something matching your traffic flow needs. I hope, this answers your question. In another thread (https://devcentral.f5.com/s/feed/0D51T00006i7Zy3SAE) I tried to summarize things as well. Thanks, Stephan