Forum Discussion

drhawkings_2156
May 04, 2010

inbound is DNAT and outbound is SNAT?

May I know what is the difference between these two?

virtual kmportal_time_vs {
   destination 217.26.165.12:any
   ip protocol tcp
   profile fastL4
   pool kmportal_pool
}

pool kmportal_pool {
   monitor all gateway_icmp
   member 192.168.3.5:any
}

virtual pptp_time_vs {
   destination 219.225.11.3:any
   snatpool pptp_snatpool
   ip protocol tcp
   profile fastL4
   pool pptp_pool
}

pool pptp_pool {
   monitor all gateway_icmp
   member 192.168.3.34:any
}

snatpool pptp_snatpool {
   member 211.24.161.34
}

Does inbound traffic for virtual pptp_time_vs do SNAT?

3 Replies

  • Hi,

    SNAT, regardless of context of inbound/outbound, will perform source address translation of the source IP address when LTM establishes the egress connection. The first VIP (kmportal_time_vs) doesn't use SNAT explicitly while the second VIP (pptp_time_vs) does use a SNAT pool. You could still have a default SNAT defined which would take effect for the first VIP.

    Does this answer your questions?

    Aaron
  • For virtual kmportal_time_vs, for an inbound connection: when an external IP (example 8.8.8.8) accesses 217.26.165.12, the dest IP will be NATed to 192.168.3.5.

    Therefore the source IP address (8.8.8.8) remains unchanged. Is that right?

    For the outbound connection (from kmportal_pool to external 8.8.8.8) via the same session, what will be the source IP address? The virtual server IP (217.26.165.12), or the default SNAT Automap?

    For virtual pptp_time_vs, for incoming traffic when an external user (example 3.3.3.3) accesses 219.225.11.3, does SNAT happen for inbound, or outbound only?

    Outbound here refers to the "same session" that is established when the external user accesses 219.225.11.3.

    Therefore SNAT will NAT the source IP to 211.24.161.34?

  • If SNAT is applied to a Virtual Server, any traffic behind the F5 will appear to have come from the F5.

    Client IP Address - 10.10.10.10

    Virtual Server IP Address - 20.20.20.20

    Pool Server IP Address - 30.30.30.30

    If SNAT is applied to the Virtual Server then the Pool Server will see all traffic coming from 20.20.20.20. The only way that the Pool Server will see the Client IP Address with SNAT enabled is using X-Forward.

    Think of SNAT as the man in the middle. Client only knows about the Virtual Server and the Pool Server only knows about the Virtual Server. Client and Pool server never know about one another (without X-Forward).
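
Added example (not posted by anyone in this thread and not F5 code): a simplified connection-table model of the two virtual servers from the question, showing the address tuple the pool member sees on the inbound leg and the tuple the client sees on the reply of the same session. Assumptions: no default SNAT applies to kmportal_time_vs, replies route back through the BIG-IP, and the client ports, service ports and SNAT ephemeral port range are constructed values.

```python
from dataclasses import dataclass
from itertools import count
from typing import Optional

@dataclass(frozen=True)
class Virtual:
    vip: str
    member: str
    snat: Optional[str] = None  # None: no SNAT on this virtual (assumes no default SNAT)

# Addresses taken from the configuration posted in the question.
VIRTUALS = {
    "kmportal_time_vs": Virtual("217.26.165.12", "192.168.3.5"),
    "pptp_time_vs": Virtual("219.225.11.3", "192.168.3.34", snat="211.24.161.34"),
}

class FlowTable:
    """One entry per connection, keyed by the server-side (src, sport, dst, dport)."""
    def __init__(self, virtuals):
        self.by_vip = {v.vip: v for v in virtuals.values()}
        self.flows = {}
        self.ports = count(40000)  # constructed ephemeral port range used for SNAT

    def inbound(self, client, cport, dst, dport):
        """Client packet to a virtual: returns the tuple the pool member sees."""
        v = self.by_vip[dst]
        # Destination is always translated to the pool member (DNAT);
        # the source is translated only when the virtual has a SNAT address.
        src, sport = (v.snat, next(self.ports)) if v.snat else (client, cport)
        self.flows[(src, sport, v.member, dport)] = (client, cport, v.vip)
        return (src, sport, v.member, dport)

    def reply(self, src, sport, dst, dport):
        """Pool member's reply on that session: returns the tuple the client sees."""
        client, cport, vip = self.flows[(dst, dport, src, sport)]
        # Both translations are reversed: the client sees the virtual's address.
        return (vip, sport, client, cport)

if __name__ == "__main__":
    ft = FlowTable(VIRTUALS)
    # Constructed client connections: 8.8.8.8 and 3.3.3.3 as in the thread.
    print(ft.inbound("8.8.8.8", 51000, "217.26.165.12", 80))
    print(ft.reply("192.168.3.5", 80, "8.8.8.8", 51000))
    print(ft.inbound("3.3.3.3", 52000, "219.225.11.3", 1723))
    print(ft.reply("192.168.3.34", 1723, "211.24.161.34", 40000))
```

In this model only the pptp_pool member loses sight of the real client address, which matters when its logs are the only record of who connected.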