aa_101481
Oct 28, 2010Nimbostratus
LC outbound Cannot access some https sites
Platform:BIGIP LC 6900
TMOS:V10.2+HF2
Configuration files :
virtual VS_outbound {
destination any:any
mask 0.0.0.0
rules irules_outbound
}
virtual VS_outbound_ftp {
translate service disable
destination any:ftp
mask 0.0.0.0
ip protocol tcp
rules irules_outbound
profiles {
ftp {}
tcp {}
}
}
-------------------------------------------------------
rule irules_outbound {
when CLIENT_ACCEPTED {
if {[matchclass [IP::remote_addr] equals $::ct_snat] or [matchclass [IP::remote_addr] equals $::ct_client]}
{ pool ct_link }
else { if {[matchclass [IP::remote_addr] equals $::cnc_snat] or [matchclass [IP::remote_addr] equals $::cnc_client]} { pool cnc_link }
else { pool ct_link }
}
}
}
-------------------------------------------------------
class ct_snat {
{
network 172.30.224.0/24
host 10.148.128.30
... ...
}
class ct_client {
{
network 172.40.224.0/24
... ...
}
class cnc_snat {
{
network 192.168.1.0/24
host 192.168.10.163
... ...
}
class cnc_client {
{
network 192.168.100.0/24 ... ...
}
------------------------------------------------------------
ISSUE:
After a day of implementation, client says that some of the users cannot access some HTTPS sites.