Automap only some IPs

Question

I have a VIP that does load balance for LDAP/s. Real servers for other VIPs that need to authenitcate against the LDAP VIP beak TCP because they are on the same vlan as the real ldap servers. I want to know if there is a a iRule I can use to force SNAP (automap) for servers that are on the same vlan as my ldap servers when hitting the ldap VIP.

mimlo_61970 · Answer

Yes, you can turn SNAT on in an iRule
when CLIENT_ACCEPTED {
    if { [IP::addr [IP::client_addr] equals 10.10.10.0/24] } {
        snat automap
    }
}

I think that is the right way to match a subnet, I've only used this rule to match hosts in a data group.

Forum Discussion

Automap only some IPs

1 Reply

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

Kill SNAT AutoMap!

How to ensure source address and source port are accepted and traversed properly via F5 SNAT automap

F5 LTM question automap

Automap

SNAT Automap