irule to Source NAT specific IP address to avoid asymmetric routing

If I understand correctly, you only want to snat if the source of the traffic hitting the virtual server is in 10.250.8.0/23.

1. You could create a SNAT object with 10.250.8.0/23 as the origin. Since no SNAT is configured on the virtual service, this SNAT object would take effect for traffic sourced from that subnet. However this may not be your desired solution as it may impact traffic from that subnet connecting to other virtual services or simply transiting the device. Added here just as an option.

2. Add the subnet 10.250.8.0/23 to a datagroup (let's call it "source_network") and match in an iRule. Something like (untested - verify operation prior to applying in production):

   when CLIENT_ACCEPTED {
   if { ([class match [IP::client_addr] equals source_network] } {
       snat automap
   }
   }

You could replace automap snat with a snat pool if desired. See this answer for an example. Additional subnets can be added to the datagroup later if needed.

I added below and getting this error. am I missing any thing ?

when CLIENT_ACCEPTED { if { ([class match [IP::10.250.11.46] equals 10.250.8.1/23 } { snat automap } }

Error : 01070151:3: Rule [/Common/test] error: /Common/test:1: error: [parse error: PARSE missingBracket 29 {missing close-bracket}][{ ([class match [IP::10.250.11.46] equals 10.250.8.1/23 }]

I added a bracket that I missed to the original answer. Also I believe you'll need to use a datagroup for this as the 'class' command operates with datagroups (see article on class). If you copy/paste the iRule I posted, you'll need to create a datagroup called "source_network".

 

Don't hard-code addresses into the iRule. "IP::client_addr" is a command (see here).

 

You can create the datagroup from TMSH as follows:

 

create ltm data-group internal source_network type ip records add { 10.250.8.0/23 }