HI All, we have a deployment where F5 will be use as NAT device to replace a router. Im thinking what is the best practice for this, use route domain of just use vlan? Thanks! Ferdz

I'd avoid using Route Domains unless there is a real need for them. As I've asked in your other post, can you provide some further detail please.

Hi Steve, The reason why we need to NAT IP addresses because of the conflicting IPs, Here's the flow Company A <> Router Company A <> F5 <> Router Compny B <> Company B Thanks! Ferdz

Hi Steve, The reason why we need to NAT IP addresses because of the conflicting IPs, we are currently replacing a Cisco router using an F5. Here some snapshots from NAT Router: ip nat pool SUN1 172.26.0.2 172.26.31.254 netmask 255.255.224.0 ip nat inside source list 11 pool SUN1 access-list 11 permit 10.19.0.0 0.0.31.255 ip nat inside source static 10.157.8.84 172.26.210.84 ip nat outside source static 10.103.33.11 10.171.14.111 Here's the flow Company A <> Router Company A <> F5 <> Router Compny B <> Company B Thanks! Ferdz

OK, thanks. So what are you thinking, configure a VLAN on the F5 to be the 'outside' replacement for the router? I presume the F5 already has a leg into your internal network or whatever? So, if that's the case you'll need a network wildcard VS for the outside and inside VLANs and a dedicated SNAT Pool for each. Shouldn't be too hard but please confirm before I get into the nitty gritty.

Can we use NAT instead of SNAT so it will be bi-directional? and for the Dynamic NATing? Origin: 10.19.0.0/19 Translation: 172.26.0.2 -172.26.31.254

F5 as NAT device | DevCentral

16 Replies

Spidey_29396
Nimbostratus
May 10, 2013
Hi Steve,

Im having an issue with my NAT, i have here, i can't initiate traffic to the NAT address..did i missed something?

ip nat inside source static 10.157.8.84 172.26.210.84

ip nat outside source static 10.103.33.11 10.171.14.111

vlan 10 - inside

vlan 20 - outside

ltm nat /Common/172.26.210.84 {

inherited-traffic-group true

originating-address 10.157.8.84

traffic-group /Common/traffic-group-1

translation-address 172.26.210.84

}

ltm nat /Common/10.171.14.111 {

inherited-traffic-group true

originating-address 10.103.33.11

traffic-group /Common/traffic-group-1

translation-address 10.171.14.111

}
What_Lies_Bene1
Cirrostratus
May 10, 2013
OK can you describe the IP setup on the device? Are routes available to all the relevant subnets?

Just in case, it might also be worth clicking through to System ›› Configuration : Local Traffic : General and changing the SNAT Packet Forwarding setting to All Traffic.
Spidey_29396
Nimbostratus
May 10, 2013
F5 is in between a router

router(.228/29-vlan 10)<> (.227/29 F5 .237/29) <> (.238/29-vlan 20)

F5 will use as NAT device bidirectional.
What_Lies_Bene1
Cirrostratus
May 10, 2013
Thanks, so are routes available to all the relevant subnets via the correct VLANs?
Spidey_29396
Nimbostratus
May 10, 2013
yap, i have default gateway
What_Lies_Bene1
Cirrostratus
May 10, 2013
Surely you need more than a default route? Also, please confirm it that's an LTM route or a management/HMS route?

Forum Discussion

F5 as NAT device

16 Replies

Recent Discussions

URL

Portal Access to HTTPS resources slow

HOW TO HIRE A HACKER TO RECOVER STOLEN BITCOIN. CONTACT FASTFUND RECOVERY

Big-IP Next 20.2.0-2.375.1+0.0.43 iRule count problem

rewrite Azure AD response for portal access via web portal

Related Content

Communication between DMZ & Internal devices

Background color and device name on big ip device

Script for auto backup and delete in F5 device

Device Level Statistics on iControlREST

Exceed bandwidth utilization on standby device