Forum Discussion
Thomas_Schwanhä
Nimbostratus
Sep 20, 2009
SNAT: Which IP is chosen for outgoing connection
Hi,
we have a SNAT pool set up with one IP-address in the Internet VLAN and one IP-address in a private VLAN.
For example:
Internet-VLAN: 195.196.197.198
Private-VLAN: 192.168.0.1, routes to 192.168.0.254 to network 10.1.0.0/24
Using Automap is not an option for us due to firewall reasons (all connections have to come from these IP addresses regardless of which BIG/IP is active).
So we have one SNAT pool with the addresses 195.196.197.198 and 192.168.0.1 in it.
This setup works fine: A request from an internal server to e.g. www.google.com uses 195.196.197.198 as outgoing address and a request to 10.1.0.198 uses 192.168.0.1 as the outgoing address.
If an internal server connects to a virtual server, the BIGIP shows 192.168.0.1 as the source on the target server. This is also fine.
Now we would like to have a new VLAN, let's say:
Special-Private-VLAN: 192.168.50.1, routes to 192.168.50.10 to network 10.2.0.0/24
When I tried to add 192.168.50.1 to the above SNAT pool, all internal requests suddenly used this address instead of 192.168.0.1. This causes problems, as all access rights on the servers are configured with 192.168.0.1.
If I create a single SNAT entry with 192.168.50.1, the BIGIP doesn't use it.
What options do I have to tell it to use 192.168.50.1 for all traffic which it has to route through the 192.168.50.x interface?
Many thanks for your help.
Thomas
- hoolio
Cirrostratus
Hi Thomas,
- hoolio
Cirrostratus
Sorry... if you're using SNAT on a VIP, you can only specify one SNAT pool on the VIP. Else, you could use an iRule which evaluates the destination IP address/subnet and then explicitly sets a SNAT IP. This codeshare example might give you enough to start testing an iRule:
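The approach described in the reply above, sketched as an added example (this is not the codeshare rule the reply refers to, and not code from either poster). It assumes the iRule is attached to a wildcard (0.0.0.0:0) forwarding virtual server, so that `IP::local_addr` in `CLIENT_ACCEPTED` is the real destination address; the subnets and SNAT addresses are the ones given in the question.

```tcl
# Added example: pick the SNAT source address from the destination subnet,
# so each downstream firewall/ACL keeps seeing the address it was configured for.
# Assumption: attached to a wildcard forwarding virtual server, where
# [IP::local_addr] on the client side is the packet's true destination.
when CLIENT_ACCEPTED {
    set dst [IP::local_addr]

    if { [IP::addr $dst equals 10.2.0.0/24] } {
        # Routed via 192.168.50.10 on the Special-Private-VLAN
        snat 192.168.50.1
    } elseif { [IP::addr $dst equals 10.1.0.0/24] } {
        # Routed via 192.168.0.254 on the Private-VLAN
        snat 192.168.0.1
    } else {
        # Everything else leaves through the Internet-VLAN
        snat 195.196.197.198
    }
}
```

On a standard load-balancing virtual server, `IP::local_addr` is the virtual server's own address, so the same comparison would have to be made against the selected pool member (for example in `LB_SELECTED` with `LB::server addr`) instead.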