SNAT and NAT precedence

Question

Hi,&nbsp;
In SOL9038 there is sentence "For example, a SNAT with an origin address of 10.10.64.0/24 takes precedence over a SNAT with an origin of default. Additionally, a SNAT with an origin address of 10.10.64.2 takes precedence over a NAT with an origin address of 10.10.64.2."&nbsp;
I did tests (on 11.2.0) and there is no way to create SNAT and NAT object with the same origin IP. Error is displayed when second object is saved with info about origin IP already used.&nbsp;
Is that bug in GUI or error in SOL, or I am missing something important?&nbsp;
Piotr&nbsp;

stephanmanthey · Answer

Hi Piotr,&nbsp;
I have no idea, why the documentation discusses the specific subject.&nbsp;
A NAT configuration works bi-directional:&nbsp;
- traffic to the NAT (incoming) will be forwarded to the "Origin" by applying destination address translation &nbsp;
- traffic from the "Origin" (outgoing) will be forwarded to target and source address translation is applied  &nbsp;
Where is the use case to combine a SNAT with a NAT? &nbsp;
Whenever possible I avoid to create so called Default SNATs (aka SNAT List entries). Instead I´m using virtual servers to forward traffic and apply SNAT as SNAT AutoMap / SNATpool as property of the virtual server or via iRule.&nbsp;
Thanks, Stephan&nbsp;

dragonflymr · Answer

Hi,&nbsp;
Well, I have as well no idea why it's presented that way in mentioned SOL. I can't figure out scenario for SNAT-NAT precedence. I was just curious why there is such example when there is no way to create object with same origin IP. I am just learning LTM so sometimes I don't know if it's my lack of knowledge and experience or info in SOL is just plain wrong or my version of TMOS has some bug.
Anyway, thanks for reply.&nbsp;
Piotr &nbsp;

stephanmanthey · Answer

Hi Piotr,   
thanks. I agree, there is a couple of ways to handle traffic. Some of them are just there for legacy reasons.  
And this is confusing, even if one if pretty familiar with the pure technical aspects.  
Anyway, this is the right place to ask for explanation. :)  
Thanks, Stephan

dragonflymr · Answer

Great there are people having time to answer novice questions like mine!&nbsp;
Piotr&nbsp;

Forum Discussion

SNAT and NAT precedence

4 Replies

Recent Discussions

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Chrome V 124+ on MacOS - Virtual Server Access Issue

Related Content

Verifying Local Traffic Policy and iRule Precedence

Knowledge sharing: Order of precedence for BIG-IP modules, ASM DDOS Protection, Bot Protection

SNAT IP address logging

SNAT pool persistence

VS precedence