Forum Discussion

Felipe_Nogueira
Feb 22, 2011

Subnet configuration for Snat Pool/Snat

Hi,

I need to configure a SNAT pool and SNAT to translate a whole subnet, including the network address and broadcast address. The external networks are 200.166.92.128/25 and 201.15.234.128/25, the internal network is 172.23.180.128/25, and the translations always correspond to the last octet, e.g.:

200.166.92.128 --> 172.23.180.128

201.16.234.128 --> 172.23.180.128

In the SNAT pool configuration the member list does not accept subnets, only hosts, but when I configure the SNAT I can specify a network.

If I create a SNAT pool with all the hosts in this subnet and then create a SNAT with the address list for the whole 172.23.180.128/25, will the translation work for all IPs according to the last octet? Or will I have to configure them one by one?

Thanks!

 

2 Replies

  • Hi Felipe,

    You'd need to use an iRule for this. You could basically check in CLIENT_ACCEPTED to see if the client IP (IP::client_addr) is in a datagroup of source IP address/networks to SNAT. You could then apply the SNAT using logic like this:

    when CLIENT_ACCEPTED {

        # Check if client IP is in address datagroup of allowed source addresses
        if { [class match [IP::client_addr] equals allowed_snat_clients_class] } {

            # Take the last octet of the client IP and use that for the SNAT address
            snat "172.23.180.[getfield [IP::client_addr] . 4]"
        }
    }

    Note that you don't need to define any SNAT object to use this iRule.

    Aaron
  • Hi hoolio,


    Good to know there is a way to do it. I'll have to study iRules a little bit; as I don't have time on this occasion, I'll configure them one by one.

    Thank you very much.

    Felipe
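
The last-octet mapping from the first reply can also be written without a data group, by testing the source directly against the two external /25 networks given in the question and logging each translation. This is an added example, not code from the thread; it assumes the default route domain (so `IP::client_addr` carries no `%` suffix) and that per-connection logging to `local0` is acceptable on the virtual server.

```tcl
when CLIENT_ACCEPTED {
    set src [IP::client_addr]

    # Translate only clients from the two external /25 networks
    # named in the question; everything else is left untouched.
    if { [IP::addr $src equals 200.166.92.128/25] ||
         [IP::addr $src equals 201.15.234.128/25] } {

        # Last octet of the client address (128-255 inside these /25s)
        set last [getfield $src "." 4]
        set xlate "172.23.180.$last"

        snat $xlate

        # Both external networks map onto the same internal /25, so two
        # different clients with the same last octet share one SNAT
        # address. This log line is what ties a translated connection
        # back to its original source.
        log local0.info "SNAT $src -> $xlate"
    }
}
```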