Macaron
Aug 30, 2017

GTM resolving to wrong IP address from Internet

Hi Guys, I am in the middle of an ongoing issue in which I am not able to resolve the DNS name of wide IP B to the correct IP address. I have configured two new applications having the same VS on LTM (206.221.101.12).

• On GTM: translation (172.x.x.x) to IP (206.221.101.12) for wide IP A (this is resolving correctly to 172.x.x.x).
• On GTM: VS 206.221.101.12 is configured for wide IP B (this is not resolving correctly; instead it resolves to 172.x.x.x, which is an IP for wide IP A).
• On the ISP firewall we have a NAT in place translating 172.x.x.x to the 206.221.101.12 IP address.

When the NAT (172.x.x.x to 206.x.x.x) is removed from the ISP firewall, I was able to get 206.221.101.12 when I resolved the DNS name from the public network, but the user was not able to communicate with the end server, so I had to reconfigure the NAT again.

This part is making me confused, since DNS is part of the payload and the NAT should have no bearing on this.

Please let me know if I am missing anything. How can I fix this?

4 Replies

  • eben

    Hi Frank

    If you've configured two applications with the same virtual-address 206.221.101.12, what are their service ports? If you could make the rest of the question clearer.

  • Hi eben, on GTM all ports are open for now. I have configured 0 for ports. But on LTM I am allowing 5 ports via an iRule.

    Also, I did a Wireshark capture on the GTM listener IP to see the name resolution of wide IP B. I saw that the GTM is actually replying with the correct IP address (206.221.101.12), but the answer in nslookup comes back as the IP address of wide IP A (172.x.x.x). The NAT on the ISP firewall is changing this when the GTM replies to a query, but it should not change since DNS is part of the payload and the NAT should have no bearing on this.

    It is a bit confusing; please let me know which of my questions you did not understand, and I will try to explain again.

    Thanks for your help.

  • eben
    1. When adding the virtual-server object to the GTM, what was used as the "address" + "port" and "translation" + "port"?
    2. Do a dig or nslookup to the GTM listener IP address for the WIP and see the response. Share the response.
    3. Where is the GTM in the network design? Is there a NAT to the GTM listener IP, or is it directly internet-facing with a public IP address?
  • Hi,

    When you configure GTM behind a NAT device:

    • do not enable virtual server discovery
    • if the LTM virtual server address is 172.16.1.1, hidden by firewall address 1.1.1.1, the VS in the GTM configuration must be:
      • Destination : 1.1.1.1 (public IP)
      • translation address : 172.16.1.1 (real LTM virtual server address for monitor)