Forum Discussion
hooleylist
Jun 30, 2008Cirrostratus
You could replace the functionality of the SNAT with a virtual server. The VIP could have SNAT enabled if it's required for routing. What destination IP the VIP is configured on depends on what outbound traffic you want to match. If you want to match all addresses and ports, configure the VIP with a destination IP of 0.0.0.0/0.0.0.0 on port 0. Disable address translation, set SNAT to automap and set the pool to a pool containing your default gateway(s). If you want to traffic originating from one VLAN, enable the VIP only on that VLAN. If you run into problems troubleshooting the new VIP, you can add an iRule to log new connections.
when CLIENT_ACCEPTED {
log local0. "[IP::client_addr]:[TCP::client_port]: New connection from client to VIP. Requested IP:port: [IP::local_addr]:[TCP::local_port]"
}
Aaron