VLAN-Group virtual server problem

Question

Hi&nbsp;
 &nbsp;
I've a trouble with some problem. I access virtual server but pool member doesn't respond SYN packet. Let's see packet flow&nbsp;
Assume client ip : x   .......virtual server : y.......... member : z   (x,z is in the same vlan)  z is mail server  y is typical virtual server with no SNAT&nbsp;
&nbsp;
x ---&gt; y  SYN&nbsp;
y &lt;--- x  SYN+ACK&nbsp;
x ---&gt; y  ACK&nbsp;
x ---&gt; z  SYN&nbsp;
x----&gt; z SYN&nbsp;
x ----&gt; z SYN&nbsp;
z &lt;---- x RST&nbsp;
 &nbsp;
This system is use VLAN-Group.  Is this flow is properly (client handshake with VS then client handshake with member) ?&nbsp;
I didn't see virtual server handshake with member. Is this properly for VLAN-Group ?&nbsp;
So  x   can connect   z   if bypass BIG-IP.  and BIG-IP can connect   z  directly.  but  x  can't connect  z  via virtual server  y&nbsp;
Which cause that can happen?  Is this Asymmetric routing problem even though I use VLAN-Group?&nbsp;
 &nbsp;
Thank you&nbsp;
 &nbsp;

what_lies_bene1 · Answer

I'm not sure this is a VLAN Group issue, it seems more likely it's a routing issue on the server side. If x to z works that suggests the real server doesn't have a route back to the client back via the F5. You either need to change the routing on the server so it routes responses to the client back through the F5 or enable SNAT on the VS.

Forum Discussion

VLAN-Group virtual server problem

1 Reply

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

VLAN Group and Asymmetric Deployment

Integrating SSL Orchestrator with Fortinet FortiGate Virtual Edition as a Virtual Wire

Create F5 BIG-IP Next Instance on Proxmox Virtual Environment

Source_Addr Persistence Problems

F5 Distributed Cloud - Regional Decryption with Virtual Sites