Forum Discussion

Daniel_55334
Apr 15, 2015

NAT on LTM or firewall?

We are going to add LTM to a customer network to do outgoing ISP load balance.

Internet router --- LTM --- firewall --- core switch

Firewall currently performs NAT for outgoing Internet traffic and incoming traffic to web servers. After putting LTM on the network, should such NAT be kept on firewall or be moved to LTM? Which one is the better option?

6 Replies

  • BinaryCanary_19
    Historic F5 Account

    It's all up to you. If you are not making any decisions based on Source IP, then it doesn't really matter where you NAT.

    If you are using for example, Source Address Affinity persistence, then you may want to do the NAT on the LTM.

    • dragonflymr
      Hi, Maybe I am wrong, but if NAT (using the F5 definition of NAT) is used to access internal servers, then the source IP is preserved and only the destination IP is changed. Am I wrong? The source IP is changed only if SNAT is used for accessing servers (a strange config I guess, but possible).

      I would say that using a BIG-IP device to perform just NAT seems like not utilizing 99% of the features of the device. Not an expert here, but I would change this setup to:

      Internet router --- firewall --- LTM --- core switch

      Then for outgoing traffic (initiated from LAN to Internet) SNAT can be configured on LTM (probably best practice is rather to set a wildcard virtual server (VS)?). For traffic coming from Internet to servers in LAN appropriate VSs should be created.

      Piotr
    • BinaryCanary_19
      Historic F5 Account
      You're not wrong, but most people are not that strict about using the word "NAT". In my experience, it's generally safe to assume that when someone says NAT, they're talking about the F5 SNAT. If I was wrong, I am sure he will clarify, and I will correct my statement to suit.
    • dragonflymr
      Good to know, still a lot to learn. I tried to figure out how to configure SNAT to allow access to internal servers that are using private IPs - can't find a way :-( I have to be missing something here :-( With servers using public IPs I can figure it out more or less, but not with private ones. I would appreciate any hints on how to do such a setup. Piotr
  • If LTM is placed behind the firewall, outbound ISP load balancing cannot be achieved.
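As an added example (not taken from this thread, and not F5's own documentation), the tmsh commands below show the three objects the replies distinguish: an F5 "NAT" (1:1, source IP preserved), a wildcard forwarding virtual server with SNAT for outbound traffic, and an inbound virtual server whose pool does the destination translation for servers that keep private addresses. It assumes the firewall-in-front topology Piotr proposes and a single ISP link, so it does not cover the two-ISP outbound balancing the last reply raises. All addresses (203.0.113.0/24 as the public side, 10.0.0.0/24 as the server LAN), pool members, object names and the VLAN names "external" and "internal" are constructed assumptions.

```tmsh
# Constructed example. Assumed VLANs: "external" (towards the firewall) and
# "internal" (towards the core switch). Assumed addresses: 203.0.113.0/24 public,
# 10.0.0.0/24 server LAN.

# 1. F5 "NAT": a bidirectional 1:1 mapping between one private and one public
#    address. Only the destination (inbound) or source (outbound) of that one
#    host is rewritten; the remote client's source IP is left untouched.
tmsh create ltm nat web01_nat originating-address 10.0.0.11 translation-address 203.0.113.81

# 2. Outbound (LAN -> Internet): a wildcard forwarding virtual server that
#    listens only on the internal VLAN and SNATs every flow to a pool of
#    public addresses. This is the "SNAT on a wildcard VS" pattern.
tmsh create ltm snatpool outbound_snatpool members add { 203.0.113.10 203.0.113.11 }
tmsh create ltm virtual outbound_fwd_vs destination 0.0.0.0:0 mask any ip-forward profiles add { fastL4 } source-address-translation { type snat pool outbound_snatpool } vlans add { internal } vlans-enabled

# 3. Inbound (Internet -> private web servers): the virtual server's pool
#    rewrites the destination to a private member, so no SNAT object is
#    needed for the servers to stay on private addresses. SNAT automap here is
#    only for return routing (servers whose default gateway is not the LTM);
#    because it hides the client IP from the servers, an HTTP profile inserts
#    X-Forwarded-For so server logs and access decisions still see the client.
tmsh create ltm pool web_pool members add { 10.0.0.11:80 10.0.0.12:80 } monitor http
tmsh create ltm profile http http_xff defaults-from http insert-xforwarded-for enabled
tmsh create ltm virtual web_vs destination 203.0.113.80:80 ip-protocol tcp pool web_pool profiles add { tcp http_xff } persist replace-all-with { source_addr } source-address-translation { type automap } vlans add { external } vlans-enabled

tmsh save sys config
```

Two points worth checking on a real deployment: `web_vs` uses source-address persistence, so if the firewall in front of the LTM already SNATs inbound flows, every client arrives with the firewall's address and all sessions pin to one pool member, which is exactly why the first reply suggests doing the address translation on the LTM when source IP drives a decision. And the inbound SNAT automap means the web servers see the LTM self IP as the client; without the `X-Forwarded-For` header (or with the LTM as the servers' default gateway and SNAT removed), per-client logging and rate limiting on the servers stop working.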