Conditional SNAT + aFleX rule

edited September 2022 in aFleX
How to create an aFleX rule where a connection started from a server_1 to the VIP can use the SNAT_1 IP address, and another connection started from another server_2 to the same VIP can use another SNAT_2 IP address?
Is that possible?
Thank you very much.

Comments

  • edited February 2014
    This can be accomplished without the need for an aFlex by creating SNAT Pools and ACLs, then applying them to the virtual server port. Here's an example.

    !
    access-list 101 permit ip host 192.168.191.12 any
    access-list 102 permit ip host 192.168.191.13 any
    !
    ip nat pool SNAT1 10.0.1.6 10.0.1.6 netmask /24
    ip nat pool SNAT2 192.168.191.11 192.168.191.11 netmask /24
    !
    slb virtual-server SNAT_vs 10.0.1.20
       port 80 http
          name _10.0.1.20_HTTP_80
          access-list 101 source-nat-pool SNAT1
          access-list 102 source-nat-pool SNAT2
          service-group SNAT_sg
    !

    The less processing-efficient way is to do it in aFlex. Here's an example.

    when SERVER_CONNECTED {
        if { [IP::client_addr] equals "10.0.1.5" } {
            snatpool SNAT1
        } elseif { [IP::client_addr] equals "192.168.1.50" } {
            snatpool SNAT2
        }
    }

    Hope this helps.
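A way to check the ACL-to-pool mapping from the configuration above before applying it, as an added example that is not part of the original post or any A10 tooling. It parses only the three line forms shown in the answer, assumes one virtual port, and assumes bindings are checked in listed order with the first match winning; `parse`, `lint` and `resolve` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed input: the ACL, NAT pool and virtual-port lines from the answer.
CONFIG = """\
access-list 101 permit ip host 192.168.191.12 any
access-list 102 permit ip host 192.168.191.13 any
ip nat pool SNAT1 10.0.1.6 10.0.1.6 netmask /24
ip nat pool SNAT2 192.168.191.11 192.168.191.11 netmask /24
slb virtual-server SNAT_vs 10.0.1.20
   port 80 http
      access-list 101 source-nat-pool SNAT1
      access-list 102 source-nat-pool SNAT2
      service-group SNAT_sg
"""

ACL_RE = re.compile(r"access-list (\d+) permit ip host (\S+) any$")
POOL_RE = re.compile(r"ip nat pool (\S+) (\S+) (\S+) netmask /\d+$")
BIND_RE = re.compile(r"access-list (\d+) source-nat-pool (\S+)$")

def parse(config):
    """Return ({acl: hosts}, {pool: (start, end)}, [(acl, pool), ...])."""
    acls, pools, bindings = {}, {}, []
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            acls.setdefault(m[1], set()).add(ipaddress.ip_address(m[2]))
        elif m := POOL_RE.match(line):
            pools[m[1]] = (m[2], m[3])
        elif m := BIND_RE.match(line):
            bindings.append((m[1], m[2]))
    return acls, pools, bindings

def lint(config):
    """Report bindings that name an ACL or NAT pool the config never defines."""
    acls, pools, bindings = parse(config)
    issues = [f"ACL {a} is bound but not defined" for a, _ in bindings if a not in acls]
    issues += [f"pool {p} is bound but not defined" for _, p in bindings if p not in pools]
    return issues

def resolve(config, client):
    """Return (pool, first address) for a client, or None if no ACL matches.
    Assumption: bindings are checked in listed order and the first match wins."""
    acls, pools, bindings = parse(config)
    addr = ipaddress.ip_address(client)
    for acl, pool in bindings:
        if addr in acls.get(acl, ()) and pool in pools:
            return pool, pools[pool][0]
    return None
```

A `None` result from `resolve` means none of the bound ACLs selects a pool for that source, which is worth confirming for every server expected to reach the VIP.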