Route domain SNAT and NAT implementation

Problem this snippet solves:

According to solution 9933 available on askf5 NAT and snats do not forward traffic within route domains. This limitation is difficult to deal with but below is an effective way to create NAT and snats on LTM-v10.0.x with route domains.

How to use this snippet:


This iRule depends upon a single datagroup (class) of type String named iSnat_List. As well as at least 1 virtual server for SNAT only, or 2 if you want NAT functionality

Example Class

Class definition in BIG-IP

class iSnat_List {
   type string
   filename "/var/class/iSnat_List"

Class file contents "<Source IP in IPv4%RD notation>" := "<Snat IPv4%RD>",

[root@b3400-2:Active] config # cat /var/class/iSnat_List
“” := “”,
“” := “”,

Example Snat Forwarding Virtual

virtual outbound-snat {
   ip forward
   destination any%1101:any
   rules iSnat_RD
   vlans external enable

Example NAT Inbound Virtual with Pool

virtual inbound-NAT- {
   pool inbound-NAT-
   vlans internal enable
pool inbound-NAT- {
   monitor all gateway_icmp
   members {}

Code :

rule iSnat_RD {
  set entry [class search -value iSnat_List equals [IP::client_addr]]
  if { $entry ne "" } {
    snat $entry
    node [getfield [IP::local_addr] "%" 1]%[getfield $entry "%" 2]
    #log local0. "snating src-ip [IP::client_addr] to $entry to node [getfield [IP::local_addr] "%" 1]%[getfield $entry "%" 2]."
  } else {
    log local0. "no Snat found for [IP::client_addr]"
Published Mar 18, 2015
Version 1.0

Was this article helpful?

No CommentsBe the first to comment