Forum Discussion

Vijay_01
Mar 27, 2017

SNAT Issue

Hi All,

I am reading an SNAT document, "https://support.f5.com/csp/article/K7820?sr=29125585%0D". It mentions that when an outside client is accessing some internal server, and in the SNAT configuration we have defined the client IP address as the "ORIGIN" address, then it will translate the client's source IP address into the SNAT address.

But I am having a problem understanding the following statement on the above page: "A SNAT can be used by itself to pass traffic that is not destined for a virtual server. For example, you can use a SNAT object to pass certain traffic (such as DNS requests) from an internal network to an external network where your DNS server resides."

I want to know, in the above case, what the "ORIGIN" address and the "SNAT" address would be. Since the traffic is originating from the internal network (let's say from the server) and going outside, will we choose the internal server's IP as the "ORIGIN" address or the outside DNS server's IP as the "ORIGIN" address?

Please help me in understanding this.

Thanks in advance

1 Reply

  • This depends on your environment. A TCPDUMP can verify. If you have an application server reaching the front-end of the BIGIP F5, that typically means you have a firewall rule allowing the application server to access the front-end. In this case the source I.P. would be the application server I.P. address (not VIP); it would then get translated into a traffic-group or SNAT pool I.P.

    Ran into this one last week. Once again, I would set up a TCPDUMP on the front-end of the BIGIP F5 in order to verify.
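
The capture check suggested in the reply, as an added example that is not part of the original thread: it pairs the same DNS query seen in `tcpdump -n` output on the internal and external sides to show which source address was translated into which. All addresses and capture lines are constructed sample data, and the function names are hypothetical.

```python
import re

# DNS query line as printed by `tcpdump -n ... udp port 53`:
#   IP <src>.<sport> > <dst>.53: <id>+ [flags] <qtype>? <qname> (len)
QUERY = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.\d+ > (?P<dst>\d+(?:\.\d+){3})\.53: "
    r"(?P<id>\d+)[+%*-]*(?: \[[^\]]*\])* (?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+)"
)

# Constructed sample: capture taken on the internal-facing VLAN.
INTERNAL_CAPTURE = """\
12:00:01.000100 IP 10.1.1.50.41234 > 203.0.113.53.53: 4660+ A? example.com. (29)
12:00:01.200100 IP 10.1.1.51.50122 > 203.0.113.53.53: 8213+ [1au] AAAA? example.org. (40)
12:00:02.000100 IP 10.1.2.9.33000 > 203.0.113.53.53: 77+ A? example.net. (29)
"""

# Constructed sample: the same queries on the external-facing VLAN.
EXTERNAL_CAPTURE = """\
12:00:01.000300 IP 192.0.2.10.41234 > 203.0.113.53.53: 4660+ A? example.com. (29)
12:00:01.200300 IP 192.0.2.10.50122 > 203.0.113.53.53: 8213+ [1au] AAAA? example.org. (40)
12:00:02.000300 IP 10.1.2.9.33000 > 203.0.113.53.53: 77+ A? example.net. (29)
"""

def parse_queries(capture):
    """Map (dns id, qtype, qname, destination) -> source IP for each query line."""
    seen = {}
    for line in capture.splitlines():
        m = QUERY.search(line)
        if m:
            # SNAT rewrites only the source, so the rest identifies the query.
            seen[(m["id"], m["qtype"], m["qname"], m["dst"])] = m["src"]
    return seen

def snat_mapping(internal, external):
    """Map each internal source to the source seen for the same query on the
    external side, or None if the query never appeared there."""
    outside = parse_queries(external)
    return {src: outside.get(key) for key, src in parse_queries(internal).items()}

def untranslated(mapping):
    """Internal sources that left with their own address (no SNAT matched)."""
    return sorted(src for src, out in mapping.items() if out == src)

if __name__ == "__main__":
    result = snat_mapping(INTERNAL_CAPTURE, EXTERNAL_CAPTURE)
    for before, after in result.items():
        print(f"{before} -> {after}")
    print("not translated:", untranslated(result))
```

Matching on DNS ID, query type, name and destination is a heuristic; two hosts sending an identical query with the same ID in one capture window would collide.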