Forum Discussion
11 Replies
- What_Lies_Bene1Cirrostratus
OK, perhaps you can provide some detail around your design at this stage please?
- sunil_kattikar_Nimbostratus
Thanks for your reply. I am not using GTM for now. For LTM, I have configured it with the following steps:
We have deployed F5 (LTM and GTM) in AWS with three subnets; DMZ external AZ1 172.28.72.0/26, NIC IP 172.28.72.50.
Created a virtual server for HTTPS with 4443. Virtual server IP Https://172.28.72.49; created an HTTP pool and added a member: Member1 172.28.73.138.
I am able to see the network map for the virtual server/pool, and the member is green. I can see HTTPS running well with the member IP, but the virtual server IP is not getting redirected to the member IP page. I need to configure LTM & GTM in AWS, and LTM on private as well. Can you please suggest a step-by-step guide to follow? Any inputs are welcome. I also want to understand any impact of a two-subnet implementation in AWS. Thanks for your help.
- LaudecNimbostratus
Check your port for the virtual server: HTTPS uses 443, not 4443, as the default port. Otherwise you need to specify the port in your URL: https://172.28.72.49:4443
- sunil_kattikar_Nimbostratus
It was a typo; it is running on 443 by default. Still having issues. I have not configured any HTTP, SSL or other profiles. Can you please suggest?
- LaudecNimbostratus
OK, no problem :). Are you seeing any traffic on the VS, or on the pool? Do the servers use the F5 as their gateway? If not, did you configure a SNAT on the VS?
- sunil_kattikar_Nimbostratus
Hi, I can see the VS traffic on eth1 and the VM traffic on eth2. I have not defined any F5 gateway and have not configured SNAT. I am using Auto Map for now. With the Auto Map configuration, I was able to get the HTTP URLs working; still facing issues with HTTPS.
Looks like issues with redirecting traffic from eth0 to eth1. Please advise.
regards, S
- What_Lies_Bene1Cirrostratus
Hey Sunil, a few questions:
- eth0 is the management interface, so it shouldn't be seeing any application traffic. Why do you think it's involved?
- Should the SSL be terminated on the F5 or just pass through to the Pool Members? If terminated, you'll need a ClientSSL profile applied to the VS before it'll work.
- You say you don't see the HTTPS traffic. Have you done a tcpdump to confirm that?
- Do the servers not have a default gateway?
- sunil_kattikar_Nimbostratus
Hi,
My inputs are inline:
- eth0 is the management interface so shouldn't be seeing any application traffic. Why do you think it's involved? [Sunil] Yes, it is the management interface. I am not checking traffic at eth0. I am doing a tcpdump on eth1 with the virtual server, and it works fine, and a tcpdump on eth2 with the web application VM, and it works fine.
- Should the SSL be terminated on the F5 or just pass through to the Pool Members? If terminated, you'll need a ClientSSL profile applied to the VS before it'll work. [Sunil] Yes, I am not using any SSL termination for now; it is simple pass-through. Are there any specific configurations for pass-through?
- You say you don't see the HTTPS traffic. Have you done a tcpdump to confirm that? [Sunil] Yes, as discussed in point 1.
- Do the servers not have a default gateway? [Sunil] Which gateway needs to be defined on the server?
thanks
- sunil_kattikar_Nimbostratus
In my earlier data point, please read as:
Looks like issues with redirecting traffic from eth1 to eth2??
It was a typo. Thanks.
- What_Lies_Bene1Cirrostratus
Thanks Sunil, especially for the correction; I was getting very confused.
- Ideally the default gateway on the servers should be the F5's self IP on the internal VLAN. This will remove the need for the SNAT automap.
- Just to clarify, are you seeing the HTTPS traffic on the external interface or not?
- So the HTTPS VS is listening on 443, what are the pool members listening on?
- Have you allowed 443 inbound in the Security Group assigned to your instance?
- Is the Network ACL just using the default rules?
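An added example, not posted by anyone in this thread, of how the pass-through HTTPS setup discussed above can be expressed and checked in tmsh on the BIG-IP, using the VS and member addresses from the thread; the object names vs_https and http_pool are assumed.

```tmsh
# Pool of backend web servers. The member listens on 443, matching the VS port,
# and the monitor is https so a green member really means TLS is answering on 443.
create ltm pool http_pool members add { 172.28.73.138:443 } monitor https

# HTTPS virtual server on the external subnet. For SSL pass-through no client-ssl
# or http profile is attached: the TLS session terminates on the pool member.
# source-address-translation automap sends return traffic back through the BIG-IP
# even while the servers' default gateway is not yet the F5 internal self IP.
create ltm virtual vs_https destination 172.28.72.49:443 ip-protocol tcp profiles add { tcp } pool http_pool source-address-translation { type automap }
save sys config

# Checks: client connections reaching the VS, and the member receiving them.
show ltm virtual vs_https
show ltm pool http_pool members

# From the BIG-IP bash shell (not tmsh): capture on all interfaces to see the
# client-side hits on the VS and the server-side hits on the member. If the VS
# capture stays empty, check that the AWS Security Group allows 443 inbound.
# tcpdump -ni 0.0 host 172.28.72.49 and port 443
# tcpdump -ni 0.0 host 172.28.73.138 and port 443
```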