In some cases, you might want to allow a client on an external network to
send a request directly to a specific internal node (thus bypassing the normal load balancing
server selection). To send a request directly to an internal server, a client normally needs to
know the internal node’s IP address, which is typically a private class IP address. Because
private class IP addresses are non-routable, you can instead create a network translation address
(NAT). A NAT is a feature of BIG-IP
Local Traffic Manager that provides a routable IP address
that an external node can use to send traffic to, or receive traffic from, an internal node.
More specifically, a NAT is an address translation object that instructs
Local Traffic Manager (LTM) to translate one IP address
in a packet header to another IP address. A NAT consists of a one-to-one mapping of a public IP
address to an internal private class IP address.
You can use a NAT in two different ways:
To translate a private class destination address to a public address
When an external node sends traffic to the public IP address defined in
a NAT, Local Traffic Manager automatically translates that destination address to the
associated private class IP address, which represents a specific node on the internal network.
This translation is hidden from the external node that sent the traffic.
To translate a private class source address to a public address
You can also use a NAT to translate an internal node’s private class
source IP address to a public IP address. This translation is hidden from the external node
that receives the traffic.
To summarize, a NAT provides a routable address for sending packets to or
from a node that has a private class IP address.
When you create a NAT, you can map only one private class IP address to a
specific public IP address. That is, a NAT always represents a one-to-one mapping between a
private class IP address and a public IP address. If you want to map more than one private class
IP address (that is, multiple internal nodes) to a single public IP address, you can create a
NATs do not
support port translation, and are not appropriate for protocols that embed IP addresses in the
packet, such as FTP.
When you use
a NAT to provide access to an internal node, all ports on that internal node are open. To
mitigate this security risk, consider using a SNAT instead.
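As an added example (not F5 code and not part of the original page), this Python script audits `ltm nat` stanzas from a BIG-IP configuration export against the points above: every NAT exposes all ports of its internal node, and each public address maps to exactly one internal address. The sample configuration is constructed, and the stanza layout, function names, and finding labels are assumptions.

```python
import ipaddress
import re

# Constructed sample in the style of bigip.conf "ltm nat" stanzas (assumed layout).
SAMPLE_CONF = """\
ltm nat /Common/nat_app1 {
    originating-address 10.1.20.5
    translation-address 203.0.113.10
}
ltm nat /Common/nat_app2 {
    originating-address 10.1.20.6
    translation-address 203.0.113.10
}
ltm nat /Common/nat_lab {
    originating-address 198.51.100.7
    translation-address 203.0.113.12
}
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
STANZA = re.compile(r"ltm nat (\S+) \{(.*?)\}", re.S)

def parse_nats(conf):
    """Return (name, internal_ip, public_ip) for each ltm nat stanza."""
    nats = []
    for name, body in STANZA.findall(conf):
        fields = dict(l.split(None, 1) for l in body.splitlines() if l.strip())
        nats.append((name,
                     ipaddress.ip_address(fields["originating-address"].strip()),
                     ipaddress.ip_address(fields["translation-address"].strip())))
    return nats

def audit_nats(conf):
    """Return (nat_name, finding, detail) tuples for review."""
    findings, public_owner = [], {}
    for name, internal, public in parse_nats(conf):
        # A NAT has no port translation or port filter: every port is reachable.
        findings.append((name, "all-ports-exposed", str(internal)))
        if not any(internal in net for net in RFC1918):
            findings.append((name, "originating-not-rfc1918", str(internal)))
        if public in public_owner:  # violates the one-to-one mapping
            findings.append((name, "duplicate-translation", public_owner[public]))
        else:
            public_owner[public] = name
    return findings

if __name__ == "__main__":
    for finding in audit_nats(SAMPLE_CONF):
        print(*finding, sep="\t")
```

Each `all-ports-exposed` finding is a candidate for replacement with a SNAT, as the text above recommends.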
Local Traffic Manager can apply a NAT to either an inbound or an outbound