ltm snat
ltm snat(1) BIG-IP TMSH Manual ltm snat(1)
NAME
snat - Configures secure network address translation (SNAT).
MODULE
ltm
SYNTAX
Configure the snat component within the ltm module using the syntax shown in the following sections.
CREATE/MODIFY
create snat [name]
modify snat [name]
options:
(automap | none)
auto-lasthop [default | enabled | disabled ]
app-service [[string] | none]
description [string]
mirror { [disabled | enabled | none] }
origins
[add | delete | replace-all-with] {
[address ... | address/mask ... ]
}
snatpool [ name ]
source-port [change | preserve | preserve-strict ]
translation [translation name ... ]
vlans
[add | delete | replace-all-with] {
[vlan name ... ]
}
vlans [ default | none]
[vlans-disabled | vlans-enabled ]
metadata
[add | delete | modify] {
[metadata_name ... ] {
value [ "value content" ]
persist [ true | false ]
}
}
edit snat [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list snat
list snat [ [ [name] | [glob] | [regex] ] ... ]
show running-config snat
show running-config snat [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
show snat
show snat [ [ [name] | [glob] | [regex] ] ... ]
options:
(default | exa | gig | kil | meg | peta | raw | tera | yotta | zetta)
detail
field-fmt
DELETE
delete snat [name]
DESCRIPTION
You can use the snat component to configure a SNAT. A SNAT defines the relationship between an externally
visible IP address, SNAT IP address, or translated address, and a group of internal IP addresses, or
originating addresses, of individual servers at your site.
EXAMPLES
create snat my_snat origins add { 10.1.1.3 } translation mySnatTranslation
Creates the SNAT my_snat that translates the address of connections that originate from the address 10.1.1.3
to the translation address mySnatTranslation.
list snat all-properties
Displays all properties for all SNATs.
OPTIONS
automap
Specifies that the system translates the source IP address to an available self IP address when
establishing connections through the virtual server. You can use this option only if you do not use the
snatpool and translation options.
Note that when you use the edit command to create a new snat, by default automap is enabled. If you do
not want to use automap, you must turn this feature off by using the none option.
app-service
Specifies the name of the application service to which this object belongs. The default value is none.
Note: If the strict-updates option is enabled on the application service that owns the object, you cannot
modify or delete this object. Only the application service can modify or delete this object.
description
User defined description.
glob Displays the items that match the glob expression. See help glob for a description of glob expression
syntax.
mirror
Enables or disables mirroring of SNAT connections. The default value is none.
name Specifies a unique name for the component. This option is required for the commands create, delete, and
modify.
origins
Specifies a set of IP addresses and subnets from which connections originate. This option is required.
regex
Displays the items that match the regular expression. The regular expression must be preceded by an at
sign (@[regular expression]) to indicate that the identifier is a regular expression. See help regex for
a description of regular expression syntax.
snatpool
Specifies the name of a SNAT pool. You can only use this option if you do not use the automap and
translation options.
source-port
Specifies whether the system preserves the source port of the connection. The default value is preserve.
The options are:
change
Use this setting to obfuscate internal network addresses.
preserve
Specifies to preserve the source port of the connection.
preserve-strict
Use this value only for UDP under very special circumstances such as nPath or transparent (that is,
no translation of any other L3/L4 field), where there is a 1:1 relationship between virtual IP
addresses and node addresses, or when clustered multi-processing (CMP) is disabled.
translation
Specifies the name of a translated IP address. Note that translated addresses are outside the traffic
management system. You can use this option only if you do not use the automap and snatpool options.
vlans
Specifies the name of the VLAN to which you want to assign the SNAT. The default value is none.
vlans-disabled
Disables the SNAT for all specified VLANs. When the "vlans" value is set to "none", the "vlans-disabled"
option enables the SNAT on all VLANs.
vlans-enabled
Enables the SNAT for all specified VLANs. When the "vlans" value is set to "none", the "vlans-enabled"
option disables the SNAT on all VLANs.
metadata
Associates user defined data, each of which has name and value pair and persistence. Persistent(default)
means the data will be saved into config file.
SEE ALSO
create, delete, edit, glob, list, ltm snat-translation, ltm snatpool, modify, regex, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2013, 2015-2016. All rights reserved.
BIG-IP 2016-03-14 ltm snat(1)