F5 as NAT device

I'd avoid using Route Domains unless there is a real need for them. As I've asked in your other post, can you provide some further detail please.

Hi Steve,

 

 

The reason why we need to NAT IP addresses because of the conflicting IPs,

 

 

Here's the flow

 

 

 

Company A <> Router Company A <> F5 <> Router Compny B <> Company B

 

 

Thanks!

 

Ferdz

Hi Steve,

 

 

The reason why we need to NAT IP addresses because of the conflicting IPs, we are currently replacing a Cisco router using an F5.

 

Here some snapshots from NAT Router:

 

 

ip nat pool SUN1 172.26.0.2 172.26.31.254 netmask 255.255.224.0

 

ip nat inside source list 11 pool SUN1

 

access-list 11 permit 10.19.0.0 0.0.31.255

 

ip nat inside source static 10.157.8.84 172.26.210.84

 

ip nat outside source static 10.103.33.11 10.171.14.111

 

 

 

 

Here's the flow

 

 

 

Company A <> Router Company A <> F5 <> Router Compny B <> Company B

 

 

Thanks!

 

Ferdz

OK, thanks. So what are you thinking, configure a VLAN on the F5 to be the 'outside' replacement for the router? I presume the F5 already has a leg into your internal network or whatever? So, if that's the case you'll need a network wildcard VS for the outside and inside VLANs and a dedicated SNAT Pool for each. Shouldn't be too hard but please confirm before I get into the nitty gritty.

Can we use NAT instead of SNAT so it will be bi-directional? and for the Dynamic NATing?

 

 

Origin:

 

 

10.19.0.0/19

 

 

Translation:

 

 

172.26.0.2 -172.26.31.254

Should be able to do static NATs for these two: 10.157.8.84 <> 172.26.210.84 and 10.103.33.11 <> 10.171.14.111 and an overload/dynamic SNAT one way for;

 

 

Origin: 10.19.0.0/19

 

Translation: 172.26.0.2 -172.26.31.254

 

 

Does that meet your needs?

Hi steve,

 

 

Is f5 NAT bi-directional? For example,

 

Origin:10.157.8.84

 

NAT: 172.26.210.84

 

 

Can i initiate traffic to 172.26.210.84?

 

 

Also,in the snat u gave? What are the ways i can initiate thru the snat ip addresses?

Yes a NAT is bi-directional (perhaps it needs to be enabled on the relevant VLANs though, can't remember)

 

 

Regarding the SNAT, you would need two as you have now, one for each direction and only one side could initiate; no different to how it would work on the Cisco router.

Hi Steve,

 

 

Thanks for the help.I will be testing it on our lab setup before going to live migration.

 

 

 

Thanks!

 

Ferdz

You're welcome, post back if you have any issues.