Forum Discussion

genseek_32178
Jun 14, 2012

Virtual not Working

Hi,

We've the following wildcard VS defined for INET access of servers in VLAN 20:

    virtual vlan20_vs
    pool poolvlan20
    destination any:any
    mask 0.0.0.0
    profiles fastl4_vlan20
    rule tcp_snat_vl20
    vlans 20 enable

3 src servers in VLAN 20 are able to access the internet, each using a different publicly routable SNAT IP as defined in the iRule tcp_snat_vl20.

SNAT IPs - 1.1.1.2, 1.1.1.3, 1.1.1.4 (VLAN 50) for each server to access external networks.

There is another VIP, 1.1.1.10, defined in the same VLAN 50 as the SNAT IP network.

The issue is: this VIP is not accessible from the same 3 src servers which are able to access INET.

Thanks

3 Replies

  • Hi Genseek,

    If you want the hosts on VLAN 50 to match the wildcard virtual, the virtual would need to be enabled on VLAN 50. Or you'd need routing set up outside of LTM to get the VLAN 50 hosts to the virtual on VLAN 20. If the clients are in the pool, you'd also need to ensure that the SNAT iRule would apply SNAT for the clients.

    Aaron
  • Aaron,

    Hosts are in VLAN 20, not in VLAN 50.

    Remote VIP - 1.1.1.10 is in VLAN 50... config is as below:

        virtual VS1_443
        snatpool pool2
        pool pool_443
        destination 1.1.1.10:443
        ip protocol tcp
        profiles tcp
        vlans 30, 50 enable

    snatpool pool2 - has IP - 1.1.1.35

    Hosts are configured to listen to the wildcard VS, as mentioned above and below:

        virtual vlan20_vs
        pool poolvlan20
        destination any:any
        mask 0.0.0.0
        profiles fastl4_vlan20
        rule tcp_snat_vl20
        vlans 20 enable

    Now 3 hosts in VLAN 20 using the SNAT defined in the rule are able to access the internet but NOT able to access the remote VIP (1.1.1.10). This is the issue.

  • And by the way, the remote VIP is also hosted on the same F5 device as the wildcard VS.
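
Added example (not part of the original thread and not F5 code): a small Python check of the VLAN-enablement point raised in the first reply, run over the two virtual definitions posted above. It assumes the `vlans ... enable` line lists the only VLANs a virtual listens on; `parse_virtuals` and `listeners_on_vlan` are hypothetical helper names.

```python
import re

# The two virtual definitions as posted in the thread (brace-less, one setting per line).
POSTED_CONFIG = """
virtual vlan20_vs
pool poolvlan20
destination any:any
mask 0.0.0.0
profiles fastl4_vlan20
rule tcp_snat_vl20
vlans 20 enable

virtual VS1_443
snatpool pool2
pool pool_443
destination 1.1.1.10:443
ip protocol tcp
profiles tcp
vlans 30, 50 enable
"""

def parse_virtuals(text):
    """Return {name: {"destination": str, "vlans": set of str}} from the posted format."""
    virtuals, current = {}, None
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "virtual" and len(words) == 2:
            current = virtuals.setdefault(words[1], {"destination": None, "vlans": set()})
        elif current is None:
            continue  # setting that appears before any virtual stanza
        elif words[0] == "destination" and len(words) == 2:
            current["destination"] = words[1]
        elif words[0] == "vlans" and words[-1] == "enable":
            # "vlans 30, 50 enable" -> {"30", "50"}
            current["vlans"] = set(re.findall(r"[\w.-]+", " ".join(words[1:-1])))
    return virtuals

def listeners_on_vlan(virtuals, vlan):
    """Names of the virtuals enabled on the VLAN the client's packets arrive on."""
    return sorted(name for name, v in virtuals.items() if vlan in v["vlans"])

if __name__ == "__main__":
    vs = parse_virtuals(POSTED_CONFIG)
    for vlan in ("20", "30", "50"):
        print(f"VLAN {vlan}: {listeners_on_vlan(vs, vlan)}")
```

For clients arriving on VLAN 20 the only enabled listener in the posted configuration is `vlan20_vs`; `VS1_443` is enabled on VLANs 30 and 50 only.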