Forum Discussion

Krys_Frankiewic's avatar
Krys_Frankiewic
Icon for Nimbostratus rankNimbostratus
Jun 03, 2016

Auto Map & SNAT

Is it possible to have one VS using Auto Map and the second one using SNAT? The idea is to translate client IP address to the floating address if accessing one VS or to the SNAT address if accessing a second VS. I have only one client IP (MQ server) in my design.

 

BIG-IP
devops
LTM

9 Replies

Sort By
  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    Jun 03, 2016

    Hi,

     

    The SNAT configuration is setup on each VS, you can have VS1 configured for automap and VS2 configured with a SNAT.

     

    You have 2 VS, so even if you have only one client you establish two separate connection to access each other.

     

    The question is more, are you sure that your backend support to have a client connecting and presenting with 2 IPs ?

     

    • Krys_Frankiewic's avatar
      Krys_Frankiewic
      Icon for Nimbostratus rankNimbostratus
      Jun 06, 2016
      Thanks for the replay. I created SNAT Pool List with one IP address and assigned that list to the VS. F5 does the translation but is sending RST to SYN ACK. Client has no problem to see different source IP addresses.
    • Yann_Desmarest's avatar
      Yann_Desmarest
      Icon for Cirrus rankCirrus
      Jun 06, 2016
      Did you check Firewall rules or network routing for the IP in the SNAT pool
    • Yann_Desmarest's avatar
      Yann_Desmarest
      Icon for Cirrus rankCirrus
      Jun 06, 2016
      You can activate logging of tcp reset with the following command : tmsh modify /sys db tm.rstcause.log value enable
  • Yann_Desmarest_'s avatar
    Yann_Desmarest_
    Icon for Nacreous rankNacreous
    Jun 03, 2016

    Hi,

     

    The SNAT configuration is setup on each VS, you can have VS1 configured for automap and VS2 configured with a SNAT.

     

    You have 2 VS, so even if you have only one client you establish two separate connection to access each other.

     

    The question is more, are you sure that your backend support to have a client connecting and presenting with 2 IPs ?

     

    • Krys_Frankiewic's avatar
      Krys_Frankiewic
      Icon for Nimbostratus rankNimbostratus
      Jun 06, 2016
      Thanks for the replay. I created SNAT Pool List with one IP address and assigned that list to the VS. F5 does the translation but is sending RST to SYN ACK. Client has no problem to see different source IP addresses.
    • Yann_Desmarest_'s avatar
      Yann_Desmarest_
      Icon for Nacreous rankNacreous
      Jun 06, 2016
      Did you check Firewall rules or network routing for the IP in the SNAT pool
    • Yann_Desmarest_'s avatar
      Yann_Desmarest_
      Icon for Nacreous rankNacreous
      Jun 06, 2016
      You can activate logging of tcp reset with the following command : tmsh modify /sys db tm.rstcause.log value enable
  • Vijay_E's avatar
    Vijay_E
    Icon for Cirrus rankCirrus
    Jun 06, 2016

    Does it have the right VLANs enabled and listening ? L4 or L7 ? Any other iRules attached to the VS ? Can you provide a rough diagram and IP address along with the VS configuration ?