ltm snat
ltm snat(1) BIG-IP TMSH Manual ltm snat(1)
NAME
snat - Configures secure network address translation (SNAT).
MODULE
ltm
SYNTAX
Configure the snat component within the ltm module using the syntax
shown in the following sections.
CREATE/MODIFY
create snat [name]
modify snat [name]
options:
(automap | none)
auto-lasthop [default | enabled | disabled ]
app-service [[string] | none]
description [string]
mirror { [disabled | enabled | none] }
origins
[add | delete | replace-all-with] {
[address ... | address/mask ... ]
}
snatpool [ name ]
source-port [change | preserve | preserve-strict ]
translation [translation name ... ]
vlans
[add | delete | replace-all-with] {
[vlan name ... ]
}
vlans [ default | none]
[vlans-disabled | vlans-enabled ]
metadata
[add | delete | modify] {
[metadata_name ... ] {
value [ "value content" ]
persist [ true | false ]
}
}
edit snat [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list snat
list snat [ [ [name] | [glob] | [regex] ] ... ]
show running-config snat
show running-config snat [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
show snat
show snat [ [ [name] | [glob] | [regex] ] ... ]
options:
(default | exa | gig | kil | meg | peta | raw | tera | yotta | zetta)
detail
field-fmt
DELETE
delete snat [name]
DESCRIPTION
You can use the snat component to configure a SNAT. A SNAT defines the
relationship between an externally visible IP address, SNAT IP address,
or translated address, and a group of internal IP addresses, or
originating addresses, of individual servers at your site.
EXAMPLES
create snat my_snat origins add { 10.1.1.3 } translation
mySnatTranslation
Creates the SNAT my_snat that translates the address of connections
that originate from the address 10.1.1.3 to the translation address
mySnatTranslation.
list snat all-properties
Displays all properties for all SNATs.
OPTIONS
automap
Specifies that the system translates the source IP address to an
available self IP address when establishing connections through
the virtual server. You can use this option only if you do not use
the snatpool and translation options.
Note that when you use the edit command to create a new snat, by
default automap is enabled. If you do not want to use automap, you
must turn this feature off by using the none option.
app-service
Specifies the name of the application service to which this object
belongs. The default value is none. Note: If the strict-updates
option is enabled on the application service that owns the object,
you cannot modify or delete this object. Only the application
service can modify or delete this object.
description
User defined description.
glob Displays the items that match the glob expression. See help glob
for a description of glob expression syntax.
mirror
Enables or disables mirroring of SNAT connections. The default
value is none.
name Specifies a unique name for the component. This option is required
for the commands create, delete, and modify.
origins
Specifies a set of IP addresses and subnets from which connections
originate. This option is required.
regex
Displays the items that match the regular expression. The regular
expression must be preceded by an at sign (@[regular expression])
to indicate that the identifier is a regular expression. See help
regex for a description of regular expression syntax.
snatpool
Specifies the name of a SNAT pool. You can only use this option if
you do not use the automap and translation options.
source-port
Specifies whether the system preserves the source port of the
connection. The default value is preserve.
The options are:
change
Use this setting to obfuscate internal network addresses.
preserve
Specifies to preserve the source port of the connection.
preserve-strict
Use this value only for UDP under very special circumstances
such as nPath or transparent (that is, no translation of any
other L3/L4 field), where there is a 1:1 relationship between
virtual IP addresses and node addresses, or when clustered
multi-processing (CMP) is disabled.
translation
Specifies the name of a translated IP address. Note that
translated addresses are outside the traffic management system.
You can use this option only if you do not use the automap and
snatpool options.
vlans
Specifies the name of the VLAN to which you want to assign the
SNAT. The default value is none.
vlans-disabled
Disables the SNAT for all specified VLANs. When the "vlans" value
is set to "none", the "vlans-disabled" option enables the SNAT on
all VLANs.
vlans-enabled
Enables the SNAT for all specified VLANs. When the "vlans" value
is set to "none", the "vlans-enabled" option disables the SNAT on
all VLANs.
metadata
Associates user defined data, each of which has name and value
pair and persistence. Persistent(default) means the data will be
saved into config file.
SEE ALSO
create, delete, edit, glob, list, ltm snat-translation, ltm snatpool,
modify, regex, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2013, 2015-2016. All rights
reserved.
BIG-IP 2016-03-14 ltm snat(1)