Forum Discussion

Oct 04, 2018

SNAT ENQUIRIES

Hi Team,

 

I have an application server on F5 LTM. The web server has two nodes in its pool. The VIP address on the virtual server is 10.x.x.xxx, while each of the nodes also has an IP address in the same class. The VIP and the pool are working well on the F5. But the problem is that I have a registered domain name with IP y.y.y.yy. I want to know how I can configure my F5 such that when my clients type the domain name, it goes to the virtual server on my F5 and displays it.

 

I know I can SNAT but I am confused about the procedure. My model of F5 is Big 2000 series.

 

Please, I want help on the procedures, and that is why I have given the description of the IP addresses on each node.

 

Thanks

 

2 Replies

  • You shouldn't need to do anything on your F5.

     

    Update the public DNS A record with an IP address in your public IP range.

    Assuming traffic will be routed down to your perimeter firewall (or router), do destination NAT on the public IP to the 10.x.x.x address on your VIP.

     

  • Hi,

     

    Lee summed it up well, maybe your problem is not clear.

     

    In fact, we will resume everything step by step and if there is a step that you do not understand let me know:

     

    You have your internal VIP with IP: 10.10.10.100

    You have your public IP 195.10.10.100 that destination-NATs traffic to your VIP (10.10.10.100)

     

    • The client enters the DNS query in his browser: app.domain.com (DNS resolves to 195.10.10.100)
    • The client query reaches the FW on the IP 195.10.10.100
    • FW NATs the client query (destination) to 10.10.10.100
    • F5 processes the query and forwards traffic to your node.
    • F5 performs a SNAT in order to avoid asymmetric traffic, so that the response goes back through F5
    • F5 forwards traffic to the node with the F5 IP (source NAT: snat_automap)

    The response goes back using the same path.

     

    Let me know if something is not clear.

    Regards.
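
The address rewriting described in the steps above, traced hop by hop with and without SNAT automap. This is an added example, not part of the original thread. The F5 self IP, node IP and client IP are constructed values, and the model assumes the node's default gateway is the firewall rather than the F5.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src dst")

PUBLIC_IP = "195.10.10.100"  # from the thread: address in the public A record
VIP = "10.10.10.100"         # from the thread: F5 virtual server
F5_SELF = "10.10.10.5"       # assumed F5 self IP picked by SNAT automap
NODE = "10.10.10.11"         # assumed pool member
CLIENT = "203.0.113.7"       # constructed client address

def trace(snat_automap):
    """Follow one request and its reply; return (hops, reply_accepted)."""
    hops = []
    # Client -> firewall: DNS resolved app.domain.com to the public IP.
    p = Pkt(CLIENT, PUBLIC_IP); hops.append(("client->fw", p))
    # Firewall destination NAT: public IP -> VIP, remembered as state.
    fw_state = {(CLIENT, VIP): PUBLIC_IP}
    p = p._replace(dst=VIP); hops.append(("fw->f5", p))
    # F5 load-balances: dst VIP -> node; with automap, src -> F5 self IP.
    src = F5_SELF if snat_automap else p.src
    f5_state = {(src, NODE): (p.src, VIP)}
    p = Pkt(src, NODE); hops.append(("f5->node", p))
    # Node replies to whatever source address it saw.
    r = Pkt(NODE, p.src); hops.append(("node reply", r))
    if r.dst == F5_SELF:
        # Reply returns to the F5, which restores VIP as src, client as dst.
        client, vip = f5_state[(r.dst, r.src)]
        r = Pkt(vip, client); hops.append(("f5->fw", r))
    # Otherwise the reply leaves via the node's gateway, bypassing the F5.
    # The firewall reverses its NAT only for a connection it is tracking.
    public = fw_state.get((r.dst, r.src))
    if public is None:
        hops.append(("fw drops (no matching state)", r))
        return hops, False
    r = r._replace(src=public); hops.append(("fw->client", r))
    return hops, r == Pkt(PUBLIC_IP, CLIENT)

if __name__ == "__main__":
    for automap in (True, False):
        hops, ok = trace(automap)
        print(f"snat_automap={automap} reply_accepted={ok}")
        for name, pkt in hops:
            print(f"  {name:30} {pkt.src} -> {pkt.dst}")
```

Without SNAT the node answers the client directly from its own address, so the reply matches no connection the firewall translated and the session never completes.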