Forum Discussion
JRahm
Jul 14, 2006
Admin
As the LTM is not a firewall by nature, it doesn't treat VLANs as outside/inside from a policy standpoint. That said, if you have a connection hitting a VIP, and a pool of assigned servers that are *outside*, you'll need to SNAT to get the traffic to route back through the LTM. You can SNAT automap, or you can build a snatpool with 1 or more addresses in it. You shouldn't need a rule for this.
BTW, you can SNAT on the same address as your virtual to conserve IP space if this is a concern.
pool smtp_testpool {
    lb method member predictive
    min active members 1
    monitor all POST
    member 192.168.168.76:smtp
    member 192.168.170.50:smtp priority 2
}
snatpool smtp_snatpool {
    member 172.20.150.25
}
virtual smtp_snat_external {
    destination 172.20.150.25:smtp
    ip protocol tcp
    pool smtp_testpool
    snatpool smtp_snatpool
    vlans external enable
}
You can email me offline if you pursue a non-iRules approach, as this forum is not for configuration issues.