NAT the clientside?

Question

We have an LTM 9.4.7 and we wanted to replace our reverse proxy layer with the F5. We are trying to configure NAT for the clientside. Essentially we would like all connections from the client get NAT'd to a routable address on the inside of our DMZ. I see lot of options not sure where to begin. Thx! 
&nbsp;  
&nbsp; NEW 
&nbsp;  
&nbsp; CLIENT 1.1.1.1 
&nbsp;    | 
&nbsp; Firewall 
&nbsp;    | 
&nbsp; F5 EXT VIP 10.0.0.100 (All clients should get nat'd the same way to RP 10.0.1.100) 
&nbsp;    | 
&nbsp; Firewall 
&nbsp;    | 
&nbsp; F5 INT VIP 172.16.x.x 
&nbsp;    /\ 
&nbsp; APP1 APP2 (application) 
&nbsp;  
&nbsp;  
&nbsp;  
&nbsp; CURRENT 
&nbsp;  
&nbsp; CLIENT 1.1.1.1 
&nbsp;    | 
&nbsp; Firewall 
&nbsp;    | 
&nbsp; F5 EXT VIP 10.0.0.100 
&nbsp;    /\ 
&nbsp; PXY1 PXY2 10.0.1.100 and .101 (Clients get nat'd to one of these IP's) 
&nbsp;    \/ 
&nbsp; Firewall 
&nbsp;     | 
&nbsp; F5 INT VIP 172.16.x.x 
&nbsp;    /\ 
&nbsp; APP1 APP2 (application) 
&nbsp;

jrahm · Answer

You could create a snatpool with the 10.0.1.100 (and the 10.0.1.101 if you are concerned about tcp port exhaustion) and apply it to your EXT VIP.

Forum Discussion

NAT the clientside?

1 Reply

Recent Discussions

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Chrome V 124+ on MacOS - Virtual Server Access Issue

Related Content

err tmm1[24399]: 011f0007:3: http_process_state_prepend - Invalid action:0x107041 clientside

BIG-IP AFM設定例-NAT

Remove subnet from NAT pools without any impact

NAT traffic initiated by F5

Bulk Nat Creation