BIGIP LTM - Outbound DESTINATION NAT

Hello,

I have the following constraints. The customer has an instance in AWS. We have an IPSEC Tunnel between the F5 in the data center and AWS. The subnet used in AWS for various reasons cannot be routed inside our DC network. So for traffic initiated from AWS I have a forwarding VS that does SNAT and the routing layer between the F5 and the server has no issues as the SNAT IP is an IP on an internal subnet (say 1.0.0.1). However if the servers in the DC need to initiate the connection to servers outside, the only solution I can think of is using destination NAT. So the internal server (10.0.0.1) will send traffic to 1.0.0.2 and the F5 would need to NAT that destination to the real IP (say 192.168.1.2). 1-to-1 NAT is possible on the F5 but it always assumes a source IP being NATed, not a destination IP. Any ideas how I can have the destination NAT done?

Thank you, Carol

Comment made 2 months ago by Pete White (marked as user-accepted and F5-accepted answer)

You can use a Layer 4 virtual server instead, i.e. a VS with the internal network IP of the AWS server (10.0.0.2), the pool member as the actual IP of the AWS server, and use the SNAT to change the source address as well. You can set loose init and loose close on the fastL4 profile to make it act like a router.

The problem is that you are doing forwarding on your VS, where the destination address is not changed.

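As an added worked example (not from the post and not F5's own documentation), here is the accepted approach expressed as tmsh commands, using the addresses from the question (1.0.0.2 as the address the DC servers send to, 192.168.1.2 as the real AWS address). The profile, pool and virtual server names, the "internal" VLAN name, the 10.0.0.0/24 source restriction and the use of SNAT automap are assumptions.

```tmsh
# fastL4 profile acting like a router: loose-initialization lets the VS pick up
# flows without seeing a SYN, loose-close lets it drop the flow on a FIN from
# either side (the "loose init / loose close" settings from the answer).
create ltm profile fastl4 fastL4_router defaults-from fastL4 loose-initialization enabled loose-close enabled

# Pool member is the real AWS address; port 0 means any port is forwarded.
# gateway_icmp is a built-in monitor used here as an assumed reachability check.
create ltm pool pool_aws_server monitor gateway_icmp members add { 192.168.1.2:0 }

# Standard (non-forwarding) virtual server listening on the "internal" address
# that DC hosts send to. Because it is a standard VS with a pool, the
# destination is rewritten to the pool member (destination NAT); SNAT automap
# rewrites the source to a self-IP so AWS can route the reply back over the
# tunnel. The source and vlans restrictions are assumed least-privilege limits
# so that only DC hosts on 10.0.0.0/24 arriving on the internal VLAN match.
create ltm virtual vs_dnat_aws \
    destination 1.0.0.2:0 \
    source 10.0.0.0/24 \
    ip-protocol any \
    profiles add { fastL4_router } \
    pool pool_aws_server \
    translate-address enabled \
    translate-port disabled \
    source-address-translation { type automap } \
    vlans-enabled vlans add { internal }

save sys config
```

Verify the flow with `show sys connection cs-client-addr 10.0.0.1` after a test connection: the server-side destination shown should be 192.168.1.2 and the server-side source a BIG-IP self-IP, not 10.0.0.1.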
Comment made 2 months ago by domokos 68

Thank you. I tried it and it seems to work fine.

