Hi PATLOC,
sorry for responding late (two long days on customer site).
Source NAT (aka F5 "Secure NAT") has a couple of aspects, and on F5 TMOS you will see multiple ways to get it applied.
Following methods can be used:
- SNAT Automap (floating self IP of outgoing [aka serverside VLAN] will be used to replace the client IP address)
- SNATpool (address from a pool of specified addresses will be picked to replace the client IP address)
- Default SNAT (global configuration object specifying the inbound VLAN or client IP address/range and the associated SNAT translation address or SNATpool)
- Simple specific SNAT by using the "snat " command in an iRule ("snat_address" will be used to replace the client IP address)
- Simple SNAT based on SNATpool by using the "snatpool" command in an iRule (address contained in "snatpool_name" will be used to replace the client IP address)
- Selective SNAT in iRule will match for conditions, i.e. original client IP address, destination IP address (in case of forwarding virtual servers or virtual servers with destination NAT disabled and associated with a next hop pool [aka "gateway_pool"])
Please keep in mind, that SNAT can be by default applied to TCP and UDP traffic only. A global setting has to be done, if you want to source NAT i.e. ICMP or other traffic with non-TCP/UDP transport protocols.
(Change it in WebUI: System >> Configuration : Local Traffic : General [SNAT Packet Forwarding: All traffic].)
Source NAT can be applied by specifying a Default SNAT (I avoid this approach wherever possible), configuring SNAT AutoMap or a SNATpool in context of a virtual server or by assigning an iRule with SNAT function to a virtual server.
So source NAT will either require a Default SNAT or a matching virtual server with related configuration parameters or iRule.
If I understand your question right, you want to apply a selective decision.
Would you please provide the following information allowing us to support you:
- Original client IP address/es or ranges in case you want a specific handling,
- Address/es to be used to replace the client IP address in forwarded IP datagram,
- Destination address/es where traffic has to be forwarded to in case you want a specific handling,
- Transport protocol (i.e. TCP/UDP or just ICMP),
- Verbal description of the decision criteria (i.e. picking a SNAT depending on the original client IP address/range or picking a SNAT depending on the target or next hop).
Thanks & enjoy weekend, Stephan
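
The selective SNAT described above could look like the following iRule. This is an added example, not part of Stephan's post; the address ranges, the translation address and the SNATpool name `example_snatpool` are constructed placeholders and must be replaced with real values.

```tcl
when CLIENT_ACCEPTED {
    # All addresses and the pool name below are constructed sample values.
    if { [IP::addr [IP::client_addr] equals 10.10.0.0/16] } {
        # Decision based on the original client range:
        # replace the client IP with one specific translation address.
        snat 192.0.2.10
    } elseif { [IP::addr [IP::local_addr] equals 198.51.100.0/24] } {
        # Decision based on the destination the client connected to
        # (useful on forwarding virtual servers):
        # pick the translation address from an existing SNATpool.
        snatpool example_snatpool
    } else {
        # Everything else: use the floating self IP of the outgoing VLAN.
        snat automap
    }
}
```

The iRule only takes effect on connections that match the virtual server it is assigned to, and the SNATpool it names has to exist as a configuration object before the iRule can be saved.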