ltm snat
ltm snat(1) BIG-IP TMSH Manual ltm snat(1)
NAME
snat - Configures secure network address translation (SNAT).
MODULE
ltm
SYNTAX
Configure the snat component within the ltm module using the syntax shown in the following sections.
CREATE/MODIFY
create snat [name]
modify snat [name]
options:
(automap | none)
auto-lasthop [default | enabled | disabled ]
app-service [[string] | none]
description [string]
mirror { [disabled | enabled | none] }
origins
[add | delete | replace-all-with] {
[address ... | address/mask ... ] {
[ listener-syncookie [disabled | enabled] ]
}
}
snatpool [ name ]
source-port [change | preserve | preserve-strict ]
translation [translation name ... ]
vlans
[add | delete | replace-all-with] {
[vlan name ... ]
}
vlans [ default | none]
[vlans-disabled | vlans-enabled ]
metadata
[add | delete | modify] {
[metadata_name ... ] {
value [ "value content" ]
persist [ true | false ]
}
}
edit snat [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list snat
list snat [ [ [name] | [glob] | [regex] ] ... ]
show running-config snat
show running-config snat [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
show snat
show snat [ [ [name] | [glob] | [regex] ] ... ]
options:
(default | exa | gig | kil | meg | peta | raw | tera | yotta | zetta)
detail
field-fmt
DELETE
delete snat [name]
DESCRIPTION
You can use the snat component to configure a SNAT. A SNAT defines the relationship between an externally visible IP
address, SNAT IP address, or translated address, and a group of internal IP addresses, or originating addresses, of
individual servers at your site.
EXAMPLES
create snat my_snat origins add { 10.1.1.3 } translation mySnatTranslation
Creates the SNAT my_snat that translates the address of connections that originate from the address 10.1.1.3 to the
translation address mySnatTranslation.
list snat all-properties
Displays all properties for all SNATs.
OPTIONS
automap
Specifies that the system translates the source IP address to an available self IP address when establishing
connections through the virtual server. You can use this option only if you do not use the snatpool and translation
options.
Note that when you use the edit command to create a new snat, by default automap is enabled. If you do not want to use
automap, you must turn this feature off by using the none option.
app-service
Specifies the name of the application service to which this object belongs. The default value is none. Note: If the
strict-updates option is enabled on the application service that owns the object, you cannot modify or delete this
object. Only the application service can modify or delete this object.
description
User defined description.
glob Displays the items that match the glob expression. See help glob for a description of glob expression syntax.
mirror
Enables or disables mirroring of SNAT connections. The default value is none.
name Specifies a unique name for the component. This option is required for the commands create, delete, and modify.
origins
Specifies a set of IP addresses and subnets from which connections originate. This option is required.
regex
Displays the items that match the regular expression. The regular expression must be preceded by an at sign (@[regular
expression]) to indicate that the identifier is a regular expression. See help regex for a description of regular
expression syntax.
snatpool
Specifies the name of a SNAT pool. You can only use this option if you do not use the automap and translation options.
source-port
Specifies whether the system preserves the source port of the connection. The default value is preserve.
The options are:
change
Use this setting to obfuscate internal network addresses.
preserve
Specifies to preserve the source port of the connection.
preserve-strict
Use this value only for UDP under very special circumstances such as nPath or transparent (that is, no
translation of any other L3/L4 field), where there is a 1:1 relationship between virtual IP addresses and node
addresses, or when clustered multi-processing (CMP) is disabled.
translation
Specifies the name of a translated IP address. Note that translated addresses are outside the traffic management
system. You can use this option only if you do not use the automap and snatpool options.
vlans
Specifies the name of the VLAN to which you want to assign the SNAT. The default value is none.
vlans-disabled
Disables the SNAT for all specified VLANs. When the "vlans" value is set to "none", the "vlans-disabled" option
enables the SNAT on all VLANs.
vlans-enabled
Enables the SNAT for all specified VLANs. When the "vlans" value is set to "none", the "vlans-enabled" option disables
the SNAT on all VLANs.
metadata
Associates user defined data, each of which has name and value pair and persistence. Persistent(default) means the
data will be saved into config file.
listener-syncookie
Toggles whether SYN Cookies will be applied to connections for a specific SNAT. Default is SYN Cookies are Enabled.
SEE ALSO
create, delete, edit, glob, list, ltm snat-translation, ltm snatpool, modify, regex, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2013, 2015-2016. All rights reserved.
BIG-IP 2020-09-03 ltm snat(1)