Forum Discussion

drhawkings_2156
May 07, 2010

Need help to explain VLAN TRAFFIC,VLAN LIST,SNAT POOL

Can someone help explain this config? What is meant by "enable on vlan list", SNAT pool, address translation and port translation, with reference to the config in the attached screenshot? Your help is greatly appreciated. Thanks in advance!

4 Replies

  • Hamish
    The 'enable on vlan list' is used to limit the VLANs on which a VS listens or accepts traffic.

    The SNAT pool is used to specify a pool of addresses that is used for performing SNAT (Source NAT) on proxied connections. The SNAT addresses are local to the F5 device.

    Address and Port translation are where the outgoing connections (server side) from the F5 have their source IP and port set to the CLIENT side address and port, so the backend servers think that the connection is being made from the originating client (as the F5 sees it) and not as a proxied connection from the F5 device.

    H
  • If I enable a SNAT pool, in which direction will the Source IP be NATed? The direction going to the internal server pool, or the direction facing the external client?

    virtual pptp_time_vs {
       destination 219.225.11.3:any
       snatpool pptp_snatpool
       ip protocol tcp
       profile fastL4
       pool pptp_pool
    }
    pool pptp_pool {
       monitor all gateway_icmp
       member 192.168.3.34:any
    }
    snatpool pptp_snatpool {
       member 211.24.161.34
    }

    Can I say that if a client initiates a connection to the server pool, F5 will initiate a connection to the server pool with Source IP = F5 physical IP (not floating IP) which is facing the internal server pool? Then the server pool return traffic enters F5 and the source IP is NATed as 211.24.161.34 or 219.225.11.3? Does the SNAT pool NAT the Source IP of traffic going back to the client or going out to the server pool?
  • Hamish
    Everything with regards to direction is relative to whichever host opens the connection. So SNAT will NAT the SOURCE address of the connection from the F5 to the pool member. (I say this because you can create VSs that are used when the servers behind the F5 open connections out to wherever as well. The VS address/netmask is used to match traffic.)

    The F5 won't open a connection using its own self IP (for LB'ed traffic; monitor traffic WILL be coming from the self IP address). It'll either open with the client IP (default if not using SNAT), or the SNAT address (which is the floating self IP if using SNAT automap, or one of the addresses in the SNAT pool if using SNAT pools).

    H
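    A constructed Python model of the connection described in the reply above, built around the config posted in this thread. It is an added illustration, not code from the thread or from F5: the VLAN list value ("external") and the client address are assumptions (the screenshot is not available), and the member port "any" is modelled by carrying the client's destination port over to the server side. It shows that the VS only accepts a packet when protocol, destination and ingress VLAN all match, and that with a SNAT pool the source of the F5-to-member connection is the SNAT address, while without SNAT the member sees the client address.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed model of the objects posted in the thread (v9/v10 bigip.conf style).
# The VLAN list is an assumption: the screenshot referenced in the thread is not available.
VIRTUAL = {
    "name": "pptp_time_vs",
    "destination": "219.225.11.3",  # port "any"
    "ip_protocol": "tcp",
    "vlans": {"external"},          # assumed "enable on vlan list" value
    "pool": "pptp_pool",
    "snatpool": "pptp_snatpool",    # None models a VS with no SNAT configured
}
POOLS = {"pptp_pool": ["192.168.3.34"]}
SNATPOOLS = {"pptp_snatpool": ["211.24.161.34"]}

@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def vs_accepts(vs: dict, ingress_vlan: str, proto: str, dst_ip: str) -> bool:
    """The listener takes a packet only when protocol, destination and ingress VLAN all match."""
    return proto == vs["ip_protocol"] and dst_ip == vs["destination"] and ingress_vlan in vs["vlans"]

def proxy(vs: dict, ingress_vlan: str, proto: str, client_side: Flow,
          snat_port: int = 40001) -> Optional[Tuple[Flow, Flow]]:
    """Return (client-side flow, server-side flow) for a client-opened connection, or None."""
    if not vs_accepts(vs, ingress_vlan, proto, client_side.dst_ip):
        return None
    member = POOLS[vs["pool"]][0]  # one member, so there is no load-balancing decision to model
    if vs["snatpool"]:
        # SNAT rewrites the SOURCE of the connection the BIG-IP opens toward the member
        src_ip, src_port = SNATPOOLS[vs["snatpool"]][0], snat_port
    else:
        # no SNAT: the member sees the original client address (the default)
        src_ip, src_port = client_side.src_ip, client_side.src_port
    return client_side, Flow(src_ip, src_port, member, client_side.dst_port)

def server_reply(pair: Tuple[Flow, Flow]) -> Tuple[Flow, Flow]:
    """The member answers the server-side flow; the BIG-IP maps that reply back onto the client-side flow."""
    client_side, server_side = pair
    reply_in = Flow(server_side.dst_ip, server_side.dst_port, server_side.src_ip, server_side.src_port)
    reply_out = Flow(client_side.dst_ip, client_side.dst_port, client_side.src_ip, client_side.src_port)
    return reply_in, reply_out
```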
  • Does anyone have an example of using port & address translation?

    Is performance (Layer 4) between F5 and client, or F5 and server pool?

    What does the protocol mean in the virtual server? Can I say that the virtual server only processes traffic when it has a full match of protocol, VLAN and VLAN list as defined in the configuration tab under virtual server? Or will it process it when any of these hits?