iRule for SNAT pool
Looking for an iRule that will take the same IP from SNAT Pool as that of the source IP.
Hi all,

I am trying to set up a client VPN on F5 with SNAT pool enabled.

The scenario: when the BIG-IP VPN client hits the virtual server (where SNAT is enabled with a SNAT pool), it chooses a random IP from the SNAT pool to leave the F5 using its self-IP interface, toward my firewall which is behind the F5, and from the firewall to the destination server. Hence, the source IP becomes one of the random IPs from the SNAT pool (and not the actual VPN client IP address) when it reaches the firewall (that is behind my F5).

If I set SNAT automap, it replaces the source IP with the self-IP address of the F5, and when it reaches my firewall, the source IP is the F5 self-IP address and not the BIG-IP VPN client IP.

My goal is to retain the source IP as the BIG-IP VPN client. Is there a way or an iRule to achieve that?

I saw an iRule; I don't know if it will work:

    when CLIENT_ACCEPTED {
        switch -glob [IP::local_addr] {
            "17216.48.10" { snat 17216.48.10 }
            "17216.48.11" { snat 17216.48.11 }
            "17216.48.12" { snat 17216.48.12 }
            "17216.48.13" { snat 17216.48.13 }
            *AND SO ON TILL THE LEASE SUBNET, that a long list of IPs mapped one to one*
        }
    }

Regards,
Zanoob