
101 · Question #77

101 Question #77: Real Exam Question with Answer & Explanation

The correct answer is C: 10.10.1.100. The incoming connection to 150.10.10.75:80 matches VS_network (not VS_web), which applies snatpool client_pool; the BIG-IP selects 10.10.1.100 as the SNAT source because it is on the same subnet as the pool members.

Question

Given the configuration shown below, if a connection request arrived on the BIG-IP with a source address of 200.10.10.10:1050 and a destination of 150.10.10.75:80, what would the source IP address of the associated packet be when it arrived on the chosen member of the web_pool?

    self 150.10.10.1 {
        netmask 255.255.255.0
        unit 1
        floating enable
        vlan external
        allow tcp https
    }
    self 10.10.1.1 {
        netmask 255.255.255.0
        unit 1
        floating enable
        vlan internal
        allow default
    }
    pool web_pool {
        member 10.10.1.11:80
        member 10.10.1.12:80
        member 10.10.1.13:80
    }
    snatpool client_pool {
        member 10.10.1.100
        member 150.10.10.15
    }
    virtual VS_web {
        destination 150.10.10.10:80
        ip protocol tcp
        snat automap
        pool web_pool
    }
    virtual VS_network {
        destination 150.10.10.0:any
        mask 255.255.255.0
        snatpool client_pool
        ip protocol tcp
        pool web_pool
    }

Options

  • A. 10.10.1.1
  • B. 200.10.10.10
  • C. 10.10.1.100
  • D. 150.10.10.15

Explanation

The incoming connection to 150.10.10.75:80 matches VS_network (not VS_web), which applies snatpool client_pool; the BIG-IP selects 10.10.1.100 as the SNAT source because it is on the same subnet as the pool members.

Common mistakes.

  • A. 10.10.1.1 is a floating self IP on the internal VLAN, not a member of snatpool client_pool, so it is never used as a SNAT source address.
  • B. 200.10.10.10 is the original client source IP; SNAT replaces this address - the client IP is never forwarded to pool members when SNAT is active.
  • D. 150.10.10.15 is a member of client_pool but belongs to the external 150.10.10.0/24 subnet, making it an inappropriate source address for traffic destined to the internal 10.10.1.0/24 pool members.
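
The matching and selection reasoning from the explanation above, as an added Python example that is not part of the original page and not F5 code. It is a simplified model: the dictionary layout and the function names `match_virtual` and `snat_source` are assumptions, and it also covers the `snat automap` case on VS_web on the assumption that automap uses the floating self IP on the egress VLAN.

```python
import ipaddress

# Constructed model of the question's configuration (not BIG-IP code).
SELF_IPS = {"external": "150.10.10.1/24", "internal": "10.10.1.1/24"}
POOLS = {"web_pool": ["10.10.1.11", "10.10.1.12", "10.10.1.13"]}
SNATPOOLS = {"client_pool": ["10.10.1.100", "150.10.10.15"]}
VIRTUALS = [
    {"name": "VS_web", "dest": "150.10.10.10/32", "port": 80,
     "snat": "automap", "pool": "web_pool"},
    {"name": "VS_network", "dest": "150.10.10.0/24", "port": None,  # :any
     "snat": "client_pool", "pool": "web_pool"},
]


def match_virtual(dst_ip, dst_port):
    """Return the most specific virtual server that covers dst_ip:dst_port."""
    dst = ipaddress.ip_address(dst_ip)
    hits = [v for v in VIRTUALS
            if dst in ipaddress.ip_network(v["dest"])
            and v["port"] in (None, dst_port)]
    # Longest prefix first, then an explicit port over ":any".
    hits.sort(key=lambda v: (ipaddress.ip_network(v["dest"]).prefixlen,
                             v["port"] is not None), reverse=True)
    return hits[0] if hits else None


def snat_source(src_ip, dst_ip, dst_port):
    """Source address the pool member sees, or None if nothing listens."""
    vs = match_virtual(dst_ip, dst_port)
    if vs is None:
        return None
    # Subnet the packet egresses on: the self IP network holding the members.
    member = ipaddress.ip_address(POOLS[vs["pool"]][0])
    egress = next(ipaddress.ip_interface(s) for s in SELF_IPS.values()
                  if member in ipaddress.ip_interface(s).network)
    if vs["snat"] is None:
        return src_ip                       # no SNAT: client address kept
    if vs["snat"] == "automap":
        return str(egress.ip)               # self IP on the egress VLAN
    # SNAT pool: take the member on the same subnet as the pool members.
    for addr in SNATPOOLS[vs["snat"]]:
        if ipaddress.ip_address(addr) in egress.network:
            return addr
    return None                             # case not modelled here
```

Calling `snat_source("200.10.10.10", "150.10.10.75", 80)` walks the same path as the question: VS_network matches, and the client_pool member on 10.10.1.0/24 becomes the source.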

Concept tested. F5 BIG-IP SNAT pool address selection with wildcard virtual server matching

Reference. https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-local-traffic-management-getting-started-with-nat/big-ip-local-traffic-management-getting-started-with-nat.html
