Local address is a given based on the virtual to which the rule is applied.
This syntax should work:
when CLIENT_ACCEPTED {
if {[IP::addr [IP::remote_addr] equals x.x.x.x/24] ) {
snat y.y.y.y
}
}
This version allows a comparison to a subnet for flexibility. (The appropriate syntax corrections have also been made on the "snat" & "snatpool" wiki pages.)
But actually, you shouldn't really need a rule-- you can enable a selective SNATpool on the forwarding virtual to SNAT only the backend server address range:
Create a SNATpool:
"Translation": SNAT pool
"Origin": Address list. Add host or network address list that covers all the backend hosts that may make requests that need SNATing.
"VLAN Traffic": Enable only on the VLAN(s) hosting the origin addresses. (optional -- gives better control of SNAT)
Apply the SNAT pool created above to your wildcard VS, and it will only SNAT the listed origin addresses, letting all other traffic pass through unSNAT'd.
HTH
/deb