Have some code. Share some code.
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner
Historic F5 Account

Problem this snippet solves:

According to solution 9933 available on askf5 NAT and snats do not forward traffic within route domains. This limitation is difficult to deal with but below is an effective way to create NAT and snats on LTM-v10.0.x with route domains.

How to use this snippet:


This iRule depends upon a single datagroup (class) of type String named iSnat_List. As well as at least 1 virtual server for SNAT only, or 2 if you want NAT functionality

Example Class

Class definition in BIG-IP

class iSnat_List {
   type string
   filename "/var/class/iSnat_List"

Class file contents "<Source IP in IPv4%RD notation>" := "<Snat IPv4%RD>",

[root@b3400-2:Active] config # cat /var/class/iSnat_List
“” := “”,
“” := “”,

Example Snat Forwarding Virtual

virtual outbound-snat {
   ip forward
   destination any%1101:any
   rules iSnat_RD
   vlans external enable

Example NAT Inbound Virtual with Pool

virtual inbound-NAT- {
   pool inbound-NAT-
   vlans internal enable
pool inbound-NAT- {
   monitor all gateway_icmp
   members {}

Code :

rule iSnat_RD {
  set entry [class search -value iSnat_List equals [IP::client_addr]]
  if { $entry ne "" } {
    snat $entry
    node [getfield [IP::local_addr] "%" 1]%[getfield $entry "%" 2]
    #log local0. "snating src-ip [IP::client_addr] to $entry to node [getfield [IP::local_addr] "%" 1]%[getfield $entry "%" 2]."
  } else {
    log local0. "no Snat found for [IP::client_addr]"
Version history
Last update:
‎18-Mar-2015 15:00
Updated by: