Again, I apologize for my naivete. Here is the situation. I have the need to have 2 separate networks, let's say 192.168.16 and 192.168.246. Because of PCI compliance, these 2 networks cannot speak directly together, but all requests need to go to the firewall and then back to BIG-IP. Simply creating 1-to-1 SNATs may cause BIG-IP to respond to the request without it going to the firewall. However, I still have the need for outgoing mail to have a NATted external address. The use of an iRule was the recommended course by F5 support.
To that end, I created a virtual server 0.0.0.0:25 to which I would like to apply this iRule:
class dest_pairs {
    "192.168.246.150 198.212.12.150"
    "192.168.246.151 198.212.12.151"
}
when CLIENT_ACCEPTED {
    set my_spool [findclass [IP::client_addr] $::dest_pairs " "]
    if { $my_spool ne "" } {
        log local0. "$my_spool"}{
        snat $my_spool}
}
Based on the info being logged ($my_spool), I do see the external address, but when I check the firewall logs I see the internal address attempting to go out, which suggests that the SNAT is not being applied.
Again, any help would be appreciated.
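
An added example, not part of the original post: a stand-alone tclsh sketch of how Tcl reads the brace layout in the rule above, where a second braced body after the `if` body is the else branch, compared with `snat` placed inside the matching branch. The `snat`, `log` and `findclass` procs are simplified stand-ins for the iRule commands, and the unlisted client 192.168.16.10 is constructed for the demo.

```tcl
# Stand-alone tclsh sketch (added example). snat, log and findclass below are
# simplified stand-ins for the iRule commands, not F5's implementations.
proc snat {addr} { lappend ::applied $addr }   ;# record each SNAT target
proc log {args} {}                             ;# discard log output

# Constructed copy of the dest_pairs class from the post.
set dest_pairs {
    "192.168.246.150 198.212.12.150"
    "192.168.246.151 198.212.12.151"
}

# Assumed behaviour: return the text after the first separator of the entry
# whose leading field equals the key, or "" when nothing matches.
proc findclass {key class sep} {
    foreach entry $class {
        set idx [string first $sep $entry]
        if {[string range $entry 0 [expr {$idx - 1}]] eq $key} {
            return [string range $entry [expr {$idx + 1}] end]
        }
    }
    return ""
}

# Brace layout as posted: the second braced body is the else branch.
proc as_posted {client} {
    set my_spool [findclass $client $::dest_pairs " "]
    if { $my_spool ne "" } {
        log local0. "$my_spool"
    } {
        snat $my_spool
    }
}

# snat moved inside the branch that runs when a pair was found.
proc corrected {client} {
    set my_spool [findclass $client $::dest_pairs " "]
    if { $my_spool ne "" } {
        log local0. "SNAT $client -> $my_spool"
        snat $my_spool
    }
}

foreach rule {as_posted corrected} {
    set applied {}
    $rule 192.168.246.150   ;# listed mail host
    $rule 192.168.16.10     ;# constructed host with no entry in the class
    puts "$rule -> snat called [llength $applied] time(s) with: $applied"
}
```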