SNAT iRule
I am trying to write a SNAT rule that will use a data group to map the client address to a specific SNAT in version 10.2.3. Due to the protocol, we need this functionality to allow traceability in our environment. The iRule never returns a value from the data group. I have tried many formats for the string group, but no luck in matching. Am I not formating the data group correctly or am I having trouble comparing the string to the address? I've tried many different ways to format the class match line as well.
class snat_map {
{
"\"10.100.61.150\" := { \"10.146.1.7\" }"
"\"10.100.61.150\" { \"10.146.1.3\" }"
"10.100.61.150 := { \"10.146.1.4\" }"
"10.100.61.150 { \"10.146.1.6\"}"
"10.100.61.150 { 10.146.1.5 }"
"10.100.61.150:=10.146.1.3"
}
}
rule snat_rule {
when CLIENT_ACCEPTED {
TCP::collect 8
set srcip [IP::client_addr]
log local0. "Entering iRule snat_rule $srcip"
set snat_address [class match -value "$srcip" equals snat_map]
log local0. "snat_address is $snat_address"
if { "$snat_address" ne "" } {
log local0. "Using address $snat_address"
snat $snat_address
}
Use default SNAT pool if not found
}
}
Feb 15 07:02:55 local/tmm1 info tmm1[2858]: Rule slp_snap_rule : Entering iRule slp_snat_rule 10.100.61.150
Feb 15 07:02:55 local/tmm1 info tmm1[2858]: Rule slp_snap_rule : snat_address is