Very new to F5 equipment and have run directly into a snag.
Here's what I have:
(not my real ips)
Untrust IP: 126.96.36.199
Production trust IP: 188.8.131.52
DMZ IP: 184.108.40.206
Untrust VIP: 220.127.116.11 maps to DMZ IP 18.104.22.168 (f5 virtual server pool)
Untrust VIP: 22.214.171.124 maps to Prod IP 126.96.36.199 (Web Server)
Policy allowing http port 80 from untrust to VIP 188.8.131.52 (f5) and VIP 184.108.40.206 (direct to web server)
F5 virtual server
1 internal node: 220.127.116.11
Source IP: 18.104.22.168
I can telnet to port 80 to both VIPs.
I can browse to the website on 22.214.171.124 (this rules out firewall issues)
When I browse to the website that points to the f5 VIP I get website not available.
What am I doing wrong here? What can I do to see what the problems might be? I am green behind the ears and appreciate any input anybody has!
Alrighty, first things first, need to clarify the situation:
So, we have some F5 gear, is it just LTM (load balancing) or AFM (Firewall)?
Next, the network:
External/Client IPs: (looks like you call them Untrust IPs?)
Virtual Server IPs:
126.96.36.199 - Direct to Webserver. Do you mean it goes around the F5 device? Or is it a fastl4 virtual server?
188.8.131.52 - Says Maps to Prod IP 184.108.40.206. Do you mean this virtual server has a pool assigned to it that contains the pool member 220.127.116.11?
So... Quick DL on a basic Load Balanced HTTP server Setup.
------Clients: Where your traffic sources from, say IP: X.X
------Virtual Server: Listener on the LTM that is listening for connections from the Clients. In the case of an HTTP setup, we'd have something like:
Snat: Automap (often needed to clear up asymmetric routing issues. Can explain more, but that's another conversation)
Http Profile: HTTP
-----Pool: Contains the IPs of the actual webservers and the port they are listening on. In case of basic HTTP:
Monitor: HTTP (checks to be sure the member can be reached by the F5).
So the traffic path looks like:
Client X.X -----> LTM VS Y.Y.Y.Y:80 ---> POOL Member z.z.z.z:80
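Added example, not part of the original thread: the virtual server, pool and SNAT Automap setup described in the reply above, written as tmsh commands run from the BIG-IP bash prompt. The object names (`web_pool`, `web_vs`, `http_xff`) and all addresses are placeholders chosen for illustration, not values from this thread.

```tmsh
# Placeholder names and addresses (assumptions, not taken from the thread):
#   192.0.2.10 = virtual server address, 10.0.0.10 = web server (pool member)

# Pool: the real web server and the port it listens on, health-checked
# with the built-in HTTP monitor.
tmsh create ltm pool web_pool members add { 10.0.0.10:80 } monitor http

# Virtual server WITHOUT SNAT. The pool member sees the real client IP and
# replies through its own default gateway. If that gateway is not the BIG-IP,
# the reply bypasses the LTM and the request never completes. A client-side
# TCP connect (telnet to port 80) can still succeed, because the BIG-IP
# itself answers the client side of the connection.
tmsh create ltm virtual web_vs destination 192.0.2.10:80 ip-protocol tcp \
    profiles add { tcp http } pool web_pool

# Corrected setting: SNAT Automap rewrites the source address to a BIG-IP
# self IP, so the server's replies return through the LTM.
tmsh modify ltm virtual web_vs source-address-translation { type automap }

# Side effect to plan for: web server logs now show the BIG-IP self IP
# instead of the client. A custom HTTP profile can pass the client address
# to the server in an X-Forwarded-For header.
tmsh create ltm profile http http_xff defaults-from http insert-xforwarded-for enabled
tmsh modify ltm virtual web_vs profiles replace-all-with { tcp http_xff }

# Checks: pool member health as seen by the monitor, and the SNAT setting.
tmsh show ltm pool web_pool members
tmsh list ltm virtual web_vs source-address-translation
```

If the web server's access logs or any IP-based allow lists depend on the client address, they need to read the X-Forwarded-For header once Automap is enabled.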
I apologize for the delayed response. You hit the nail on the head, it was the SNAT. Automap fixed it right away. Is there a way to give you credit for the help?
I have another problem I'm trying to work out. I'm taking the online classes, but you may be able to answer right away. I have a SharePoint farm; the config looks like this:
Web front end
Web 01: 10.1.1.11
Web 02: 10.1.1.12
Various IIS sites using host headers:
test1.contoso.com:5678 - utilizing ssl
test2.contoso.com:5687 - utilizing ssl
Going through the firewall, directly to the web site, it works correctly.
Going through the F5, it goes to the default site IIS web page.
I really have no idea what I'm doing, but I'm sure I have it configured wrong.
Hi, can you clarify the question? What is the traffic flow/setup? Is a virtual server configured and a pool assigned to it? What is your virtual server config?
Hi Josh and SynAck,
I apologize for the long delay. I am a SharePoint noob as well, and it turned out to be my SharePoint alternate access mappings.
But for transparency,
I have an HTTP pool set up with two backend nodes. All defaults.
I have an HTTP virtual server, all defaults except the Automap SNAT.
Cool stuff, a lot to learn and test. Thanks for your help, really appreciate it!