Hi both,
Sorry about the delay in replying. We have had a VoIP phone roll-out over the last week so I have been heavily involved in the setup of that.
There is nothing in the logs for this iRule so I can't post anything in relation to that.
with regard to the network diagram it is as follows;
incoming traffic (172.16.20.0/24)
|
[ PIX (Cisco 525) ] - ACL's permit traffic
10.130.4.1 | | 10.130.32.1
| |
| |
10.130.4.10 | | 10.130.32.10
[ F5 Big IP (NAT addressing) ] - dg on F5 is 10.130.4.1
10.130.8.10 | 10.130.52.10
| |
10.130.8.0/22 10.130.52.0/24
| |
| |
[HP Switch] [HP Switch 5308XL] - dg 10.130.52.10 dg - 10.130.8.10 Routed
networks 10.130.52.0/24. 10.130.52.0/24,
10.130.54.0/24, 10.130.55.0/24
I have setup NAT addresses on the F5 to map to the backend networks e.g. 10.130.33.18 > 10.130.52.12 (this works) however 10.130.33.21 > 10.130.55.12 doesn't work. This is where I get the deny ICMP reverse path check. If I put routes on the F5 for the backend networks then I receive ICMP packets back but the routing iRule sees no traffic. Do i really need to setup routes on the F5 as without then I am seeing traffic on the PIX but through the wrong interface. If I get the iRule working so that it source routes the traffic through the correct interface then this is the ideal solution.
Regards,
Ed
Regards,
Ed