In my environment we are doing SNAT. In address translation in 11.4, public to private IP address, we are using an address range, and we are also using a SNAT pool list, where we are using a private IP address which is different.
Now I am not able to understand what the requirement is to use a SNAT pool list.
What is the difference between SNAT list and SNAT pool list in version 11.4?
Is it required to use both for it to work? Please help, I am new to F5.
A SNAT List is, like a virtual server, a listener. So, any traffic which traverses the BIG-IP from the configured Origin will get translated to the Translation IP address.
A SNAT Pool is a list of Translation addresses. You'd add this object to a virtual server so any traffic egressing the BIG-IP will be hidden/translated by one of the addresses in the pool (I think it's round robin).
Hope this helps,
What will happen if I configure a SNAT pool only, not a SNAT list? Will it work or not?
We are creating an entry in the SNAT list for 12.10.112.x, the private range of our servers, in the address list.
And creating an entry in the SNAT pool list for IP 12.10.112.x with a single IP address from a different subnet.
I am not able to understand the requirement of both. Please help.
Thanks Nathan, but I am not able to understand what the SNAT list is. Is it for inbound traffic, or outbound traffic, or for both?
IP addresses in the SNAT pool list are used for outbound, I think. Please correct me if I am wrong.
As Nathan said, a SNAT object (objects that appear on the SNAT list) will translate the source IP address in packets. When a packet's source IP addr matches a SNAT object's origin address list, the SNAT will translate that source IP to whatever is listed in the SNAT's translation setting. The translation setting has 3 choices: automap, IP addr, and SNAT pool. The translation setting controls whether the SNAT translates the packet's source IP to a specific address (IP addr), uses a self-IP (automap), or selects an address from a list of multiple IP addresses (SNAT pool).
SNAT pools do not translate anything on their own; a SNAT pool is simply a list of addresses that can be used for translation purposes by a SNAT.
The "SNAT list" or "default SNAT" (legacy F5 term, if I remember right) forwards traffic specified in the "Origin" section (might be VLAN(s) and/or IP address(es) / IP address range(s)) independently from a virtual server. (Nathan described it similarly as a listener.)
As a SNAT entity it will replace the original source IP address with the defined SNAT address.
In case there is a virtual server handling the traffic, the default SNAT may apply as well if there are no configuration options in your pool settings or iRules preventing it.
Whenever possible I try to avoid using "SNAT lists" / "default SNATs".
Instead I specify a SNATpool or SNAT AutoMap in the context of a virtual server.
The virtual server might be a network virtual server in mode IP forwarding.
By using virtual servers (sometimes combined with an iRule for selective SNAT operations) you will get much better control and visibility of your traffic.
In case you are using SNAT with pre-defined addresses (applies as well with SNATpools) make sure to assign idle timeouts in the SNAT address section, please.
If you want to SNAT non-TCP/non-UDP traffic (i.e. ICMP) it will be necessary to modify a global setting which can be found in the WebUI: (System >> Configuration : Local Traffic : General [SNAT packet forwarding]).
Or use tmsh instead to enable/disable this feature globally:
tmsh modify sys db snat.anyipprotocol value enable
tmsh modify sys db snat.anyipprotocol value disable
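The two objects discussed in this thread, written out as tmsh commands (an added example, not part of any post above). All object names and addresses are constructed placeholders, the virtual server `vs_customer` is assumed to exist already, and the syntax assumes an 11.x tmsh prompt.

```tmsh
# Constructed names and addresses (documentation ranges), not taken from the thread.

# 1. SNAT pool: only a list of translation addresses. Creating it translates
#    nothing until a SNAT object or a virtual server references it.
create ltm snatpool customer_snatpool members add { 198.51.100.10 198.51.100.11 }

# 2a. SNAT list entry (SNAT object): a listener of its own. A packet whose
#     source IP matches an origin is translated, independently of any
#     virtual server. Here the translation setting is the SNAT pool; the
#     other two choices are "automap enabled" or "translation <ip-address>".
create ltm snat customer_snat origins add { 192.0.2.0/29 } snatpool customer_snatpool

# 2b. Alternative: reference the same pool in the context of a virtual
#     server, so the translation is tied to traffic that virtual server handles.
modify ltm virtual vs_customer source-address-translation { type snat pool customer_snatpool }

# Idle timeouts on a pre-defined translation address (values are examples).
modify ltm snat-translation 198.51.100.10 tcp-idle-timeout 300 udp-idle-timeout 60 ip-idle-timeout 60

# Review what is configured and whether the SNAT object is seeing traffic.
list ltm snatpool customer_snatpool
list ltm snat customer_snat
list ltm virtual vs_customer source-address-translation
show ltm snat customer_snat
```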
Thank you stepphan for your answer!
But I did not understand the requirement of creating a SNAT list and a SNAT pool for the same customer.
An entry is created in the SNAT list for 12.10.112.x, the private subnet range of our servers (10.1.1.0/29), in the address list.
And an entry in the SNAT pool list for IP 12.10.112.x with a different IP address (10.0.11.x).
In the VIP, the SNAT pool is called.
I am not able to understand the requirement of both, because when I delete the SNAT list address, then also it works. Is there a real need of configuring both SNAT list or SNAT pool? In which case is it required to configure both?
Sorry for asking it again but I am very much confused here.