CGNAT and IP forwarding Simultaneously for exception flows
I have scenario according to the diagram using VIPRIOM 2400 platform as CGNAT solution. I'm using CGNAT for translating our clients(SRC: 100.64.0.0/10) for Internet access. In our regular scenario F5 box translate client address for both Internet access and our internal servers. Now we have a situation where we need our clients connected to an internal web-server(172.16.1.1) with their actual IP address(100.64.0.0/10)). for this purpose I created two 'IP forwarding' matching web-server IP address in each direction. the point is I've Created CGNAT virtual server for Internet access and LTM Virtual server for matching traffic to/from local web server. Clients Internet access which works without any problem. but It seems web-server virtual server doesn't match with any traffic. ltm virtual CGNAT-BRAS--ACCESS-01 { description CGNAT-BRAS--ACCESS-01 destination 0.0.0.0%101:any mask any profiles { CGNAT-L4 { } } source 100.64.0.0%101/10 source-address-translation { pool CGNAT-ACCESS-01 type lsn } translate-address disabled translate-port disabled vlans { VLAN-40 } vlans-enabled vs-index 26 } ltm profile fastl4 CGNAT-L4 { app-service none defaults-from fastL4 loose-close enabled loose-initialization enabled reassemble-fragments enabled reset-on-timeout disabled } ltm virtual local-web-forwarding-client-side { destination 172.16.1.1%101:any l2-forward mask 255.255.255.255 profiles { Forwarding_VS { } } source 100.64.0.0%101/10 translate-address enabled translate-port disabled vlans { VLAN-40 } vlans-enabled vs-index 46 } ltm virtual local-web-forwarding-network-side { destination 100.64.0.0%101:any ip-forward mask 255.192.0.0 profiles { Forwarding_VS { } } source 172.16.1.1%101/32 translate-address disabled translate-port disabled vlans { VLAN-41 } vlans-enabled vs-index 47 } ltm profile fastl4 Forwarding_VS { app-service none defaults-from fastL4 idle-timeout 300 loose-initialization enabled reset-on-timeout disabled }
