iApp - View

Ah yes,

 

Make sure that in your vSphere client you have edited the settings so that all the interfaces you are using are connected to a PortGroup. You will need to create an F5 VLAN (most likely with the Name internal) attach that VLAN to one of the F5 Interfaces. I use 1.2 for internal. and I assign it as untagged. Then you will have to create a SelfIP in the IP Subnet of the view servers. and assign it to the internal VLAN.

 

So if Im reading what you wrote correct, we have all this already and I will explain:

 

Mgmt - Portgroup VLAN 32 Int - Portgroup VLAN 40 Ext - Portgroup VLAN 40 HA - Portgroup VLAN x (isolated)

 

Both my internal and external interfaces are attached to my VLAN 40.

 

Interfaces on the F5 show: 1.1 Uninitialized 1.2 Uninitialized 1.3 Uninitialized

 

My Internal is already in the View server subnet of VLAN 40, but no Self IP assigned.

 

Im unclear how to proceed.

 

Ok, so an update:

 

I was able to create 3 seperate VLANs on the F5, set an interface to each VLAN and set them all as untagged.

 

Now when I try to use the View client to connect through the F5, it shows an SSL prompt, showing that its communicating. Good first step!

 

Now Im seeing that: The connection with the server was terminated abnormally. F5 is killing the connection somewhere.

 

You may be better off to simplify your network configuration and only configure a single interface for ingress and egress, with a different interface for mgmt. Compare the mac addresses to make sure everything is configured correctly.

 

If you have just a single self-ip in some subnet, either the same one as your View servers or in a network with a route to that subnet, you can put your VIP in the same network as the self-ip. As long as SNAT Auto map is enabled on the VIP, things should work as expected.

 

Your mgmt interface should not be the same network as the one used to pass traffic.

 

Hi Josh, Thank you for the response.

 

I have removed all VLANs and just created a new 'Test' VLAN. I added interface 1.1 to it, untagged, and was not able to get from my desktop View client to the VS address.

 

I then removed interface 1.1 and added interface 1.2 and I can hit a cert message trying to connect from the View client. This shows some communication is happening (as my previous response above). But Im still not sure how/what to do to allow the View client to use the VS adderss and pass through to the security or connection servers

 

Thank you

 

VE networking can be a bit tricky. Now that you are able to contact this VIP, what you need to verify is if your node entries for your security/connection servers are green. A few questions: are the view servers in the same subnet as the self-ip of the VE? If yes, ensure SNAT Auto map is enabled on the VIP. If not, you likely need to set either a default route or a static route in order to reach the network that they are in.

 

You want to make sure that your interface lines up over the whole stack, from vmware to the f5, and the f5 interface to the vlan to the self-ip. It sounds like you are fairly close.

 

If this still doesn't work, then I recommend using the shell on the f5 and running some ping and telnet tests to your View servers.

 

So, it looks like its working now. Maybe not correctly, we have yet to test, but I can get through and connect to a View Machine.

 

I used the iAPP advanced settings and made sure SNAT was enabled. I then recreated a Self-IP on the same subet and now its passing through.

 

Not sure what happened. Ill look into it more.