Forum Discussion

Nimbostratus

Dec 14, 2011

Snat on the egress interface + vpn connection

Hi all, I have a LTM + LC and i am load balancing 2 ISP, and i have ASA (behind LC) which terminate a VPN. I want to perform Snat on the egres interface on the F5. Using automap do not hel...

config

design

HW_36020

Nimbostratus

Dec 14, 2011

George

I have done something similar with a IpSec tunnel on my new v11 LTM that terminates the IPSec VPN and have another LTM behind it that NATS the traffic before it enters the tunnel. The way I have done this is created a VS on my downstream LTM that listens for the traffic on x.x.x.x:any with a custom SNAT pool.The custom SNAT pool ( ISP1_outbound) only contains the NAT address y.y.y.y for egress to the IPSec tunnel on my upstream LTM. This forces the traffic to be NAT'ed before it hits the upstream LTM and enters the tunnel so that the tunnel knows it is to be sent to the opposite peer gateway using ESP.

hope this helps.

Forum Discussion

Snat on the egress interface + vpn connection

Recent Discussions

Big-IP Next 20.2.0-2.375.1+0.0.43 iRule count problem

URL

Problems connecting to vpn after upgrading to ubuntu 24.04

Wildcard SSL Certificate Deployment on F5 LTM

iRule resulting in too many redirects

Related Content

Egress control for Kubernetes using F5 Distributed Cloud Services

Application Programming Interface (API) Authentication types simplified

Ingress/Egress VPC inspection with BIG-IP and GWLB

How to Use F5 Distributed Cloud to Obfuscate Ingress and Egress Traffic

Ingress/Egress and inter VPC inspection with BIG-IP and GWLB deployment pattern