Forum Discussion
dennypayne
Jun 18, 2008 · Employee
Do you have a forwarding virtual server defined? BIG-IP is a default deny box, just like a firewall, so if you aren't specifically allowing traffic to pass, then it won't.
So if you want to allow the servers to initiate outbound connections without a SNAT, you need a forwarding virtual server. I typically use a wildcard one (0.0.0.0:0 - type IP forwarding - all protocols) because you don't know what the destination networks might be. You can enable it only on the internal VLAN if you don't want outside traffic to be forwarded inbound (or leave it enabled on all VLANs if you do).
You also need to make sure that whatever BIG-IP's gateway is knows how to route back to the network that's behind BIG-IP, since BIG-IP will be preserving the server's source IP when it forwards traffic outbound. Typically that would be a static route to the internal network pointing to the BIG-IP's external floating address (for a redundant pair).
Denny
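The VLAN scoping described in the post above can be checked in a saved configuration. This is an added example, not part of the original post: it lists wildcard IP-forwarding virtual servers and the VLANs each is enabled on, so a forwarder open on every VLAN stands out. It assumes tmsh-style `ltm virtual` stanzas; the sample config, object names, and function names are constructed for illustration.

```python
import re

# Constructed sample in the style of a tmsh bigip.conf; names and VLANs are made up.
SAMPLE_CONF = """\
ltm virtual /Common/vs_forward_out {
    destination /Common/0.0.0.0:0
    ip-forward
    vlans {
        /Common/internal
    }
    vlans-enabled
}
ltm virtual /Common/vs_forward_any {
    destination /Common/0.0.0.0:0
    ip-forward
}
ltm virtual /Common/vs_web {
    destination /Common/192.0.2.10:443
}
"""

def stanzas(conf):
    """Yield (name, body_lines) for each 'ltm virtual' stanza, tracking brace depth."""
    name, depth, body = None, 0, []
    for line in conf.splitlines():
        if name is None:
            m = re.match(r"ltm virtual (\S+) \{\s*$", line)
            if m:
                name, depth, body = m.group(1), 1, []
            continue
        depth += line.count("{") - line.count("}")
        if depth:
            body.append(line.strip())
        else:
            yield name, body
            name = None

def audit_forwarders(conf):
    """Map each wildcard IP-forwarding virtual to its VLAN list ([] = every VLAN)."""
    result = {}
    for name, body in stanzas(conf):
        dest = next((l.split()[1] for l in body if l.startswith("destination ")), "")
        addr = dest.rsplit("/", 1)[-1]
        if addr not in ("0.0.0.0:0", "0.0.0.0:any") or "ip-forward" not in body:
            continue
        vlans = []
        if "vlans-enabled" in body and "vlans {" in body:
            start = body.index("vlans {") + 1
            vlans = body[start:body.index("}", start)]
        result[name] = vlans
    return result
```

An empty list marks a forwarder that is not restricted to named VLANs, which is the case where outside traffic is also forwarded inbound.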