Forum Discussion

Carlos_Dias_320
Aug 02, 2017

How to perform NAT only when Server is accessing its VS

Hi,

I have a need to configure a Big-IP LTM in order that the real servers can also contact its Virtual Server, but have its IP NATed for this communication. These Servers also need to contact other Servers and have to cross the F5 for this communication without having the IP NATed in this case.

How can we configure this conditional NAT?

Regards

1 Reply

  • Since you don't want to SNAT the servers when they're accessing other objects through the BIG-IP, one solution would be to apply an iRule to your Virtual Server that performs the SNAT. The below assumes you have created a data group called 'the_servers' that contains IP addresses of the servers to which you wish to apply SNAT. Create and populate the data group, create the iRule, and apply the iRule to your VS.

    when CLIENT_ACCEPTED {
        # SNAT only connections whose source address is listed in the 'the_servers' data group
        if { [class match [IP::client_addr] equals the_servers] } {
            snat automap
        }
    }
    

    I used automap as an example, but if you have a specific SNAT address you can use that as well.

    References:

    SNAT article

    Snatpool article - in case you need a snatpool instead of SNAT
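
The three steps from the reply in one place, as an added example that is not part of the original reply. It uses a SNAT pool in place of automap (the alternative the reply mentions) and logs each translated connection. The names `vs_app`, `snat_real_servers` and `servers_snatpool` and all addresses are assumptions constructed for illustration.

```tcl
# Step 1 - data group named as in the reply, holding the real servers' addresses
# (constructed documentation addresses), created from the BIG-IP shell:
#   tmsh create ltm data-group internal the_servers type ip \
#       records add { 192.0.2.11 { } 192.0.2.12 { } }
#
# Optional - SNAT pool with one translation address (assumed name and address):
#   tmsh create ltm snatpool servers_snatpool members add { 192.0.2.250 }
#
# Step 2 - save the iRule below as snat_real_servers (assumed name).
#
# Step 3 - attach it to the virtual server (assumed name vs_app) and confirm:
#   tmsh modify ltm virtual vs_app rules { snat_real_servers }
#   tmsh list ltm virtual vs_app rules

when CLIENT_ACCEPTED {
    # The rule runs only for connections to the virtual server it is attached to,
    # so traffic from the same servers to other destinations through the BIG-IP
    # never reaches this check and keeps its original source address.
    if { [class match [IP::client_addr] equals the_servers] } {
        # A real server is calling its own virtual server: translate the source
        # so the selected pool member replies to the BIG-IP, not to the caller directly.
        snatpool servers_snatpool

        # Optional audit line in /var/log/ltm; remove once the behaviour is verified.
        log local0.info "SNAT applied for real server [IP::client_addr] to VS [IP::local_addr]"
    }
    # Any other client falls through with the virtual server's existing
    # source address translation setting unchanged.
}
```

Because the data group is the only thing deciding which sources get translated, keep it limited to the real servers' exact addresses rather than a whole subnet.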