Forum Discussion
nitass_89166
Noctilucent
Would you create one virtual-server as a catch-all, and then one virtual-server that used an irule that attempted to match on a number of different data groups? Each data group would contain the destination prefixes for each NAT? Or would everything have to be done in one virtual-server?
we cannot have multiple virtual servers with the same destination and source. in that case, we can use one wildcard virtual server and use irule to selectively snat.
branfarm_139474
Nimbostratus
May 02, 2014Would this be the right irule for the outbound snat portion?
when CLIENT_ACCEPTED {
if {[class match [IP::local_addr] equals pubdmz_prefixes] } {
snatpool snat-pubdmz-10.8.6.26
} elseif {[class match [IP::local_addr] equals dmz_prefixes] } {
snatpool snat-dmz-10.8.5.26
} elseif {[class match [IP::local_addr] equals partner_prefixes] } {
snatpool snat-partner-10.8.7.26
} else {
snatpool snat-external-10.8.8.22
}
}