Forum Discussion

daveram_265365
Aug 29, 2016

F5 - External/Internal Installation, Wild Card Virtual Forwarding Server Not Working Correctly

I have the following installation - IP Subnets changed from actual (VIP Works Fine)


* External Network 10.1.1.0/24 (default route points to 10.1.1.1)
* Internal Network 10.254.1.0/25 (Old Default Gateway 10.254.1.1)


Both of these networks are routable (internally) from any workstation. I have changed the Internal VIP LB machine to 10.254.1.2 (Big-IP Floating IP address). No SNAT (and cannot use due to vulnerability scanning masked as the F5, A/V blocks and downs the VIP).


For the forwarding server, it is all ports, 0.0.0.0/0 and all protocols and enabled on both the External Network and Internal network. I also created a new FastL4 to allow loose open and closes, due to the asynchronous routing.


When we ping from a machine on another internal network (192.168.1.0/24), via Wireshark on the LB server I see the request come in (192.168.1.1 --> 10.254.1.1 --> LB Server). I also see the response go out (LB Server --> F5), though the F5 drops this, as I never see it on the client machine. If I ping out from the LB server, all I see is a request but never a response.


What am I forgetting to configure to allow these LB servers to talk to the internal networks? Any help is appreciated.


1 Reply

  • I'm sure to be missing something, but from first principles, have you set:

    System ›› Configuration : Local Traffic : General

    SNAT Packet forwarding to ALL protocols?

    Is the return packet to the client IP (192.168.x.x) reaching the g/w (10.1.1.1)?

    If so, since we are not SNATing, does the g/w know how to reach the 10.254.1.0/25 network?

    Can you give us some more details? I would recommend running tcpdump in an F5 shell.

    BR Jan
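The tcpdump check suggested above amounts to asking, for each ping flow, which of the four stages (request in, request out, reply in, reply out) the BIG-IP actually saw, so that a reply arriving without its request (the asymmetric case in the question) is told apart from a reply the box never sends on or a reply that never comes back at all. The script below is an added example, not from the thread or from F5; the capture format, VLAN names and addresses are constructed assumptions, not real BIG-IP tcpdump output.

```python
import re
from collections import defaultdict

# Constructed sample in a simplified format (an assumption, not real BIG-IP tcpdump output):
#   <vlan> <in|out> <src> > <dst>: ICMP echo <request|reply>, id <n>
# id 7 mirrors the thread: the LB server's reply enters the BIG-IP but its request never
# did (it came via the old gateway); id 9 is the LB pinging out with no reply; id 3 is healthy.
SAMPLE = """\
internal in 10.254.1.10 > 192.168.1.1: ICMP echo reply, id 7
internal in 10.254.1.10 > 192.168.1.9: ICMP echo request, id 9
external out 10.254.1.10 > 192.168.1.9: ICMP echo request, id 9
external in 10.1.1.50 > 10.254.1.10: ICMP echo request, id 3
internal out 10.1.1.50 > 10.254.1.10: ICMP echo request, id 3
internal in 10.254.1.10 > 10.1.1.50: ICMP echo reply, id 3
external out 10.254.1.10 > 10.1.1.50: ICMP echo reply, id 3
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<vlan>\S+) (?P<dir>in|out) (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+)$"
)
# The four stages a forwarded ping passes through the BIG-IP, in order.
STAGES = ("request in", "request out", "reply in", "reply out")


def trace_flows(lines):
    """Map each (client, server, icmp id) flow to the set of stages seen."""
    flows = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip non-ICMP or unparsable lines
        src, dst, kind = m["src"], m["dst"], m["kind"]
        # Key by the echo-request direction so replies join the same flow.
        client, server = (src, dst) if kind == "request" else (dst, src)
        flows[(client, server, int(m["id"]))].add(f"{kind} {m['dir']}")
    return flows


def diagnose(lines):
    """Return {flow: verdict}; the verdict names where the flow broke."""
    verdicts = {}
    for key, seen in trace_flows(lines).items():
        missing = [s for s in STAGES if s not in seen]
        if not missing:
            verdicts[key] = "ok"
        elif missing[0] == "request in":  # reply without request: asymmetric path
            verdicts[key] = "asymmetric path: reply seen without its request"
        elif missing[0] == "reply in":
            verdicts[key] = "no reply returned to BIG-IP (server or return route)"
        else:  # 'request out' or 'reply out' never left the box
            verdicts[key] = f"dropped inside BIG-IP: '{missing[0]}' not seen"
    return verdicts
```

A flow in the "asymmetric path" state is the one a strict FastL4 profile drops and the loose open/close settings mentioned in the question are meant to tolerate.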