Forum Discussion

Edouard
Mar 17, 2020
Solved

SNAT based on source and destination

Greetings,

I am working on a Forwarding (IP) VS.

I have used the following:

when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] equals VPN-SUBNET] } {
        if { [class match [IP::remote_addr] equals APP1] } {
            snat 10.13.0.25
        }
    } else {
        forward
    }
}

And also this one:

when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] equals VPN-SUBNET] and [class match [IP::remote_addr] equals APP1] } {
        snat 10.13.0.25
    } else {
        forward
    }
}

Both of them do not work; there is no error while building the policy, the traffic just does not get SNATed to 10.13.0.25.

This one works, but it SNATs all the traffic to 10.13.0.25, and I need it only for a specific destination:

when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] equals VPN-SUBNET] } {
        snat 10.13.0.25
    } else {
        forward
    }
}

Could you advise how to SNAT from a specific source and destination?

Thanks,

Edouard.

  • The problem you have is that in CLIENT_ACCEPTED, IP::client_addr and IP::remote_addr are the same IP address

     

    > IP::remote_addr

    > Description

    > Returns the IP address of the host on the far end of the connection.

    > In the clientside context, this is the client IP address.

     

     You can check IP::server_addr, but I'm not entirely sure it will be valid in context.

     

    You probably need a specific virtual server for the required destination, and can then apply the SNAT for some specific client IP addresses.
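As an added example (not code from the original post or its reply), here is one way to make the condition work inside a single wildcard Forwarding (IP) virtual server. The reply above is right that in CLIENT_ACCEPTED both IP::client_addr and IP::remote_addr return the client, so the destination test never matches. The clientside address on the other end of that pair is IP::local_addr, the address the client actually sent the packet to; on a wildcard forwarding VS that is the real destination, so it is the value to test against APP1. This assumes VPN-SUBNET and APP1 exist as address-type data groups (the names are taken from the question) and that the virtual is a wildcard forwarding VS; the log line is an addition for verification.

```tcl
# Added example, not from the original post. Assumes a wildcard
# Forwarding (IP) virtual server and two address-type data groups:
# VPN-SUBNET (client networks) and APP1 (destination hosts/networks).
when CLIENT_ACCEPTED {
    # Clientside context: IP::client_addr (same as IP::remote_addr) is the
    # client; IP::local_addr is the destination the client sent the packet to.
    # On a wildcard forwarding VS that is the real destination, so the
    # destination check has to use IP::local_addr, not IP::remote_addr.
    set src [IP::client_addr]
    set dst [IP::local_addr]

    # "equals" against an address-type data group matches when the address
    # falls inside one of the group's host or network entries.
    if { [class match $src equals VPN-SUBNET] && [class match $dst equals APP1] } {
        # Only VPN clients going to APP1 get the fixed SNAT address.
        snat 10.13.0.25
        # Verification only; writes to /var/log/ltm. Remove once confirmed.
        log local0.debug "SNAT $src -> $dst via 10.13.0.25"
    } else {
        # Everything else (including VPN clients going elsewhere) is
        # forwarded with its original source address.
        forward
    }
}
```

Before trusting the rule, temporarily log `[IP::remote_addr]` and `[IP::local_addr]` in CLIENT_ACCEPTED and check /var/log/ltm: the first should show the client address and the second the intended destination. If the destination does not appear there, the virtual is not seeing the traffic as a wildcard forward and the reply's suggestion of a dedicated virtual server for that destination is the safer route.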

     
