SNAT question
If I have a SNAT Pool with only 1 IP in the Member List, will Big-IP allow traffic initiated from the outside in and then translate that address to the IP in the Member List?
For example, if I have a server at 10.1.1.1 and I create a SNAT pool translating that IP to 1.1.1.1, if a device from the Internet tries to initiate traffic to 1.1.1.1, will the LTM allow that traffic in and then translate it to 10.1.1.1 or will the translation only take place if 10.1.1.1 initiates the traffic?
Thanks.
A SNAT pool will translate traffic coming through the BIG-IP bound for a resource 'behind' it. So for example:
Client IP address - 10.100.100.100
Server IP address - 20.100.100.100
BIG-IP virtual server IP address - 10.10.10.10
SNAT pool member - 20.10.10.10
Client will initiate a connection to the virtual server IP address. The virtual server being configured with the SNAT pool will translate the source IP address of the traffic to 20.10.10.10 and send it along to the server at 20.100.100.100.
If for some reason a client sends traffic to the SNAT pool member (if routing is in place to allow this to happen), the BIG-IP will drop the traffic.
SNAT translation will only occur when traffic is destined to the virtual server IP address to which the SNAT pool is applied.
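A simplified model of the behaviour described in the answer above, added here as an example; it is not F5 code and not part of the original posts. It also shows the reply path, which the answer does not spell out. The ports, the `SnatModel` class and its flow table are assumptions made for illustration.

```python
from dataclasses import dataclass

# Addresses from the answer above; all port numbers are constructed.
VIRTUAL_SERVER = "10.10.10.10"
SNAT_MEMBER = "20.10.10.10"
POOL_SERVER = "20.100.100.100"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class SnatModel:
    """Toy model (hypothetical) of a virtual server with a SNAT pool applied."""

    def __init__(self):
        # (server, server port, SNAT address, SNAT port) -> original client
        self.flows = {}
        self.next_port = 40000  # constructed starting source port

    def handle(self, pkt):
        """Return the forwarded Packet, or None if the packet is dropped."""
        # Client-initiated traffic to the virtual server: translate the source.
        if pkt.dst == VIRTUAL_SERVER:
            snat_port = self.next_port
            self.next_port += 1
            key = (POOL_SERVER, pkt.dport, SNAT_MEMBER, snat_port)
            self.flows[key] = (pkt.src, pkt.sport)
            return Packet(SNAT_MEMBER, snat_port, POOL_SERVER, pkt.dport)
        # The SNAT address only accepts replies on a flow the device opened.
        if pkt.dst == SNAT_MEMBER:
            client = self.flows.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            if client is None:
                return None  # unsolicited traffic to the SNAT member: dropped
            return Packet(VIRTUAL_SERVER, pkt.sport, client[0], client[1])
        return None  # no listener for this destination

def demo():
    ltm = SnatModel()
    out = ltm.handle(Packet("10.100.100.100", 51000, VIRTUAL_SERVER, 80))
    reply = ltm.handle(Packet(POOL_SERVER, 80, out.src, out.sport))
    unsolicited = ltm.handle(Packet("10.100.100.100", 51001, SNAT_MEMBER, 80))
    return out, reply, unsolicited

if __name__ == "__main__":
    for result in demo():
        print(result)
```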