How to configure internet output

Good Morning,

I would like to know how to make an internal host go out through a specific gateway.

I have two internet gateways: 189.9.36.193 (gw1) and 200.168.208.233 (gw2). I have an internal host with IP 10.213.50.30 (host).

I need the packet to have the following path: 10.213.50.30 (host) -> 10.213.50.1 (f5) -> 200.168.208.233 (gw2).

Thank you very much.

0

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Create a performance layer4 virtual server. Destination 0.0.0.0/0 and source 10.213.50.30/32. Create a pool with IP 200.168.208.233, and apply to the virtual server.

That should work. The Forwarding IP type does not have a pool option, so you can't use it in this case, because it would use the routing table.

1
Comments on this Answer
Comment made 05-Jan-2018 by Leonardo Souza 3174

Don't forget to apply SNAT, probably automap.

0
Comment made 05-Jan-2018 by dyegosouza 53

To get better, I'll leave the topology below:

Host: 10.213.50.30

Switch l3: in: 10.213.51.254 // out: 10.216.2.3

Firewall: in: 10.216.2.1 // out: 172.18.1.3

F5: 172.18.1.2 // out1: 189.9.36.220 // out2: 200.168.208.234

Gw1: 189.9.36.193 // gw2: 200.168.208.233

I created it exactly as you told me, but when I put it in the statistics, I do not have the statistics for the new VS. I did the output translation using a SNAT pool. When doing the tracert I have the following result in the jumps:

1 10.213.51.254

2 10.216.2.1

3 172.18.1.2

4 189.9.1.193 <- gw1 - wrong gateway

5 23.161.104.21 <- internet

0
Comment made 09-Jan-2018 by Leonardo Souza 3174

Tracert in Windows uses ICMP, and other systems use UDP, by default. If you haven't done so, can you change the virtual server protocol to all? The default is TCP. If it does not work, post the new virtual server configuration here.

0
Comment made 11-Jan-2018 by dyegosouza 53

Good afternoon Leonardo, first of all I would like to thank you for all the support. The problem was solved: the firewall was performing an outbound NAT before the F5's outbound NAT. So the VS could not filter on the source IP, since the source changed in the NAT of the firewall.

0
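The accepted answer and its follow-up comments (source match, gateway pool, SNAT automap, protocol set to all), written out as tmsh commands. This is an added example, not configuration posted by anyone in the thread; the object names gw2_pool and vs_host30_gw2 and the gateway_icmp monitor are assumptions.

```tmsh
# Added example. Object names (gw2_pool, vs_host30_gw2) are hypothetical.

# Pool holding the gateway the host must use (gw2). Port 0 means any port.
# The gateway_icmp monitor is an assumption; it marks the gateway down
# when it stops answering ICMP.
create ltm pool gw2_pool members add { 200.168.208.233:0 } monitor gateway_icmp

# Performance (Layer 4) virtual server:
#   destination 0.0.0.0:any mask any  -> matches traffic to any address and port
#   source 10.213.50.30/32            -> only this host is steered to gw2
#   ip-protocol any                   -> TCP is the default and would miss
#                                        ICMP or UDP traceroute probes
#   translate-address/port disabled   -> keep the real internet destination;
#                                        the pool member is only the next hop
#   source-address-translation automap -> leave with a self IP of the egress VLAN
create ltm virtual vs_host30_gw2 destination 0.0.0.0:any mask any source 10.213.50.30/32 ip-protocol any profiles add { fastL4 } pool gw2_pool translate-address disabled translate-port disabled source-address-translation { type automap }

# Check that traffic is hitting the virtual server (counters should rise).
show ltm virtual vs_host30_gw2
```

If the counters stay at zero, the packets reaching the F5 do not carry 10.213.50.30 as their source, which is what the firewall's outbound NAT caused in this thread.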
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

You can add a static route towards the internet. Go through link

    create /net route 10.213.50.1/32 gw 200.168.208.233

0
Comments on this Answer
Comment made 05-Jan-2018 by NAG

But the destination IP could be any public IP on the internet, but not 10.213.50.1, to match the route.

Therefore, creating a performance layer4 virtual server is the way to go.

0
Comment made 05-Jan-2018 by dyegosouza 53

So we are creating a static route using the origin and not the destination? In case the source network would be 10.213.50.0/23 and the host would be 10.213.50.30. It would then be "create /net route 10.213.50.30/32 gw 200.168.208.233". Was that right? Thank you.

0
Comment made 05-Jan-2018 by NAG

You cannot have a static route entry to route packets based on source IP.

Forget about static routes.

As Leonardo Souza explained earlier, use a performance layer4 virtual server with the GW as pool and with SNAT enabled.

0