I have the following constraints. The customer has an instance in AWS. We have an IPSEC Tunnel between the F5 in the data center and AWS. The subnet used in AWS for various reasons cannot be routed inside our DC network. So for traffic initiated from AWS I have a forwarding VS that does SNAT and the routing layer between the F5 and the server has no issues as the SNAT IP is an IP on a internal subnet (say 220.127.116.11). However if the servers in the DC need to initiate the connection to servers outside, the only solution I can think of is using destination NAT. So the internal server (10.0.0.1) will send traffic to 18.104.22.168 and the F5 would need to NAT that destination to the real IP (say 192.168.1.2). 1to1 NAT is possible on the F5 but it always assumes a source IP being NATed not a destination IP. Any ideas how I can have the destination NAT done?
You can use a Layer 4 virtual server instead. ie a VS with the internal network IP of the AWS server ( 10.0.0.2 ), the pool member as the actual IP of the AWS server and use the SNAT to change the source address as well. You can set loose init and loose close on the fastL4 profile to make it act like a router.
The problem is that you are doing forwarding on your VS, where the destination address is not changed.
Thank you. I tried it and it seems to work fine.