Forum Discussion

José_Ramón_Veci's avatar
José_Ramón_Veci
Icon for Nimbostratus rankNimbostratus
Feb 08, 2017

Outgoing traffic no NAT needed

Is there a way for the IP of my servers to go through the balancers without doing NAT?

 

I want it to be just a routing to pass the private network of servers through a VPN that rises in the firewalls that are between the balancers and the router of access to Internet

 

I have set up a virtual server source from my internal private network (Servers) and the destination private network in Amazon for "No NAT", but with a tcpdump I see incoming packets from the public internet outgoing address of my servers configured in SNAT

 

Virtual Server config:

 

ltm virtual /Preproduccion/VPN_No_NAT_Out { destination /Preproduccion/10.1.69.0%1:0 ip-forward mask 255.255.255.0 profiles { /Common/fastL4 { } } source 10.1.18.0/23 translate-address disabled translate-port disabled vlans { /Preproduccion/VLAN_Externa_PRE /Preproduccion/VLAN_Interna_PRE } vlans-enabled

 

SNAT config:

 

ltm snat /Preproduccion/SNAT_Outbound_Internet { description "IP NAT SAlida Internet Red Privada Servidores" origins { 10.1.18.0/23 { } } translation /Preproduccion/XXX.XXX.XXX.134 vlans { /Preproduccion/VLAN_Interna_PRE } vlans-enabled

 

SOS !!! I need your help !!! :)

 

application delivery
BIG-IP
LTM

2 Replies

Sort By
  • Kai_Wilke's avatar
    Kai_Wilke
    Icon for MVP rankMVP
    Feb 08, 2017

    Hi José,

    apply the following iRule to your VPN_No_NAT_Out Virtual Server to overwrite the global SNAT.

    when CLIENT_ACCEPTED {
    snat [IP::client_addr]  
}

    Cheers, Kai