big-ip cgnat
4 Topics

CGNAT and IP forwarding Simultaneously for exception flows
I have a scenario, according to the diagram, using the VIPRION 2400 platform as a CGNAT solution. I'm using CGNAT for translating our clients (SRC: 100.64.0.0/10) for Internet access. In our regular scenario the F5 box translates the client address for both Internet access and our internal servers. Now we have a situation where we need our clients connected to an internal web server (172.16.1.1) with their actual IP address (100.64.0.0/10). For this purpose I created two 'IP forwarding' matching the web-server IP address in each direction. The point is I've created a CGNAT virtual server for Internet access and an LTM virtual server for matching traffic to/from the local web server. Clients' Internet access works without any problem, but it seems the web-server virtual server doesn't match any traffic.

ltm virtual CGNAT-BRAS--ACCESS-01 {
    description CGNAT-BRAS--ACCESS-01
    destination 0.0.0.0%101:any
    mask any
    profiles {
        CGNAT-L4 { }
    }
    source 100.64.0.0%101/10
    source-address-translation {
        pool CGNAT-ACCESS-01
        type lsn
    }
    translate-address disabled
    translate-port disabled
    vlans {
        VLAN-40
    }
    vlans-enabled
    vs-index 26
}

ltm profile fastl4 CGNAT-L4 {
    app-service none
    defaults-from fastL4
    loose-close enabled
    loose-initialization enabled
    reassemble-fragments enabled
    reset-on-timeout disabled
}

ltm virtual local-web-forwarding-client-side {
    destination 172.16.1.1%101:any
    l2-forward
    mask 255.255.255.255
    profiles {
        Forwarding_VS { }
    }
    source 100.64.0.0%101/10
    translate-address enabled
    translate-port disabled
    vlans {
        VLAN-40
    }
    vlans-enabled
    vs-index 46
}

ltm virtual local-web-forwarding-network-side {
    destination 100.64.0.0%101:any
    ip-forward
    mask 255.192.0.0
    profiles {
        Forwarding_VS { }
    }
    source 172.16.1.1%101/32
    translate-address disabled
    translate-port disabled
    vlans {
        VLAN-41
    }
    vlans-enabled
    vs-index 47
}

ltm profile fastl4 Forwarding_VS {
    app-service none
    defaults-from fastL4
    idle-timeout 300
    loose-initialization enabled
    reset-on-timeout disabled
}

472 Views, 0 likes, 0 Comments

Differences between standalone CGNAT module vs LTM + CGNAT?
Hi all, as I see, F5 has a standalone license for its CGNAT module, and my question is: what is the limitation of having the CGNAT standalone module without the LTM license? Does the CGNAT module contain the load balancing offered by LTM or not? Thanks in advance

300 Views, 0 likes, 1 Comment

modify CGNAT pool will cause dropping of connections?
Hi, I have a question regarding CGNAT pools: what will happen if I modify the pool of a CGNAT virtual server? For example, will extending the current subnet or reducing the scope range cause existing connections to drop? It's obvious that reducing the scope will drop the connections that matched the source addresses which were removed from the pool, but does the system drop the connections even if the pool is changed in any other way? Thanks

229 Views, 0 likes, 0 Comments

DNATUTIL to get whole data at once
dnatutil 100.66.10.1 --action forward

With the above dnatutil, we can get the public IP and port range. We need this information for all private IP addresses at once. No need to check IPs one by one; we need to get the whole output with the mapping at one time, with output as:

privateip publicip port-range

Can anyone help in this regard?

199 Views, 0 likes, 1 Comment