
F5 ltm inter-vlan not working

Hi all,

I have two server VLANs with the FW as GW for those VLANs, and an F5 LTM in SNAT mode. We have an issue with the FW and we need to move the GW from the FW to the F5. When we configure the GW on the servers to the F5 self IP it works fine in the same VLAN, but the two VLANs can't communicate with each other. From the F5 we can reach all servers. We have configured a wildcard VS IP and L2 but it is still not working.

What is the issue?

0

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Are you trying to route between them, or are you passing specific application traffic between them on an IP/port level? If the former, make sure your wildcard VS covers the IP range of the two server VLANs, that it is enabled on both VLANs, that you make it a forwarding virtual server instead of standard, and that you enable all protocols (as necessary).

0
Comments on this Answer
Comment made 20-Feb-2015 by Meshal 16
Hi, I need to route between two VLANs. I already created a forwarding virtual server with a 0.0.0.0 destination but no luck.
0
Comment made 20-Feb-2015 by Jason Rahm
Can you post a sanitized version of the appropriate configuration?
0
Comment made 20-Feb-2015 by Stephan Manthey 3803
In case you really modify all servers' default gateways to point to the BIG-IP's floating self IP, it should not be necessary to use SNAT. But if you still rely on SNAT, please keep in mind that by default ICMP will not be source NATed. It will require setting System ›› Configuration : Local Traffic : General [SNAT Packet Forwarding: All Traffic] to ping a server through the BIG-IP. Are there any default SNATs (SNAT List) configured on your system?
0
Comment made 20-Feb-2015 by Meshal 16
No, there is no SNAT list.
0
Comment made 20-Feb-2015 by Meshal 16
Thanks all, it is working now. I found that the VS protocol was TCP only. But one more question: the servers can now reach both, but when I ping from a server in VLAN A to the self IP in VLAN B there is no response.
0
Comment made 20-Feb-2015 by Stephan Manthey 3803
This will require the virtual server to handle "All Protocols". If you still rely on SNAT AutoMap, please see my comment above.
0
Comment made 20-Feb-2015 by Meshal 16
Hi, I didn't use SNAT; I used a virtual server with all protocols.
0
Comment made 21-Feb-2015 by Stephan Manthey 3803
You can run a tcpdump to figure out what's going wrong: tcpdump -nnni 0.0:nnnp -e -s 0 -c 1000 icmp and host <your_client_ip> After replacing the client IP with the IP address you are pinging from, you can watch the output. It should show the forwarded traffic between VLANs (I assume the virtual server is configured as type "ForwardingIP" with a network / mask to cover the destination network). The trace will also show you layer 2 information (MAC address, VLAN tag) and, due to the "p" flag, the packets forwarded to the target. So you should see the incoming ICMP echo request to the MAC address of the BIG-IP on the clientside VLAN and the forwarded ICMP echo request from the BIG-IP's MAC address in the serverside VLAN targeting the MAC address of the real server. In case the real server has a route pointing to the BIG-IP's floating self IP, you should now see the ICMP echo response and how it is forwarded back to the client.
0
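The checklist from the accepted answer above, as an added example that is not part of the original thread and not F5 code: it audits a forwarding virtual server against the VLAN subnets that must route to each other. The dict keys, VLAN names and subnets are constructed for illustration and are not BIG-IP's configuration schema.

```python
import ipaddress

def check_forwarding_vs(vs, server_vlans):
    """Return findings for one virtual server against the answer's checklist.

    vs: dict with hypothetical keys (type, destination CIDR, ip_protocol, vlans).
    server_vlans: {vlan_name: subnet CIDR} for the VLANs that must inter-route.
    """
    findings = []
    dest = ipaddress.ip_network(vs["destination"])
    # A standard virtual server load-balances to a pool; it does not route.
    if vs["type"] != "forwarding-ip":
        findings.append("type is '%s', expected forwarding-ip" % vs["type"])
    # The thread's root cause: a TCP-only listener passes TCP but not ping.
    if vs["ip_protocol"] != "any":
        findings.append("ip_protocol is '%s': other protocols such as ICMP "
                        "are not forwarded" % vs["ip_protocol"])
    for name, cidr in sorted(server_vlans.items()):
        subnet = ipaddress.ip_network(cidr)
        # The destination network/mask must cover every server subnet.
        if not subnet.subnet_of(dest):
            findings.append("destination %s does not cover %s (%s)"
                            % (dest, name, subnet))
        # Traffic arrives on either VLAN, so the listener must be enabled on both.
        if name not in vs["vlans"]:
            findings.append("virtual server is not enabled on %s" % name)
    return findings

# Constructed sample data (not taken from the thread).
SERVER_VLANS = {"vlan_a": "10.10.1.0/24", "vlan_b": "10.10.2.0/24"}

# Matches the state described before the fix: wildcard forwarding VS, TCP only.
AS_REPORTED = {"type": "forwarding-ip", "destination": "0.0.0.0/0",
               "ip_protocol": "tcp", "vlans": {"vlan_a", "vlan_b"}}

# Same listener after switching to all protocols.
FIXED = dict(AS_REPORTED, ip_protocol="any")

# A listener that misses the other three checklist items.
NARROW = {"type": "standard", "destination": "10.10.1.0/24",
          "ip_protocol": "any", "vlans": {"vlan_a"}}

if __name__ == "__main__":
    for label, vs in (("as reported", AS_REPORTED), ("fixed", FIXED),
                      ("narrow", NARROW)):
        print(label, check_forwarding_vs(vs, SERVER_VLANS) or "OK")
```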
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

But one more question: the servers can now reach both, but when I ping from a server in VLAN A to the self IP in VLAN B there is no response.

Is this what you are asking?

sol3475: The BIG-IP system may not respond to requests for a self IP address
https://support.f5.com/kb/en-us/solutions/public/3000/400/sol3475.html

0
Comments on this Answer
Comment made 21-Feb-2015 by Meshal 16
Yes, so this is a security reason.
0