Forum Discussion

kuldeep_Thakur_
Jul 18, 2012

F5 is replacing source address of my servers with floating self IP of egress VLAN

Hi guys, I am new to F5, so I don't know if I have configured it correctly or not. I have two VLANs configured on my F5: egress VLAN (115) and ingress VLAN (114). My servers are on the ingress VLAN and the clients are on the egress side, so I have created a VS on the egress VLAN with a pool of my servers. When a client sends a request to the VS VIP, the source address on my server is the VS address, and when the server replies to the client, the source is again the VS address, which seems to be OK. But the issue is that when my servers try to send a request to the clients, the source address is replaced by the floating IP of my F5 egress VLAN. Whenever any client wants to talk to my servers directly, or vice versa, I want the source address to remain the original.

Right now I have configured automap SNAT and configured the default gateway *.* to my egress router connected to my F5 egress VLAN interface.

My servers have the F5 ingress floating self IP as their default gateway.

And if I don't use SNAT, there is no communication between the egress VLAN and the ingress VLAN.

Thanks for the help, as I am new to F5 and don't know what is going on.

Thakur

10 Replies

  • Disable automap and you should see the client's source address. Everything should work fine as long as your servers have the F5's self IP as their default gateway.
  • Hi Nick, thanks for the reply. But when I disable the SNAT automap, the communication between both VLANs is broken and I cannot reach my servers directly from the clients. And when my clients are sending requests directly to my servers' IP, everything is working fine, but when a server sends a request to the clients, the source IP is the IP of my ingress VLAN floating IP.

    Thanks.

  • Do you have another SNAT setting besides the one under the virtual server configuration?

    You may list the SNAT settings using the command below.

    b snat list
  • Following is the output of the command:

    [admin@abc:Active] ~ b snat list
    snat nating {
       automap
       snatpool none
       origins default inet
    }

    If I disable this NAT, direct communication from outside to inside and from inside to outside does not work. That is, any request coming from the egress VLAN to my servers (directly to the server IP) does not reach my servers, and requests going from my servers through the ingress VLAN do not go outside through engress_vlan.

    Thanks
  • BIG-IP is a default-deny device. To allow traffic from one VLAN to another, at least one listener object has to be configured. There are 3 listener object types: virtual, snat, and nat.

    Since you do not need SNAT/NAT, can you delete the SNAT and create 2 virtuals, one for incoming and the other for outgoing? Because the outgoing virtual is an IP forwarding virtual, do not forget to add a default route on the BIG-IP.

    e.g.

    [root@ve10:Active] config  b virtual list
    virtual vs_incoming {
       pool pool_server
       destination 172.28.19.79:80
       ip protocol 6
       profiles {
          http {}
          tcp {}
       }
    }
    virtual vs_outgoing {
       ip forward
       destination any:any
       mask 0.0.0.0
    }
    
    [root@ve10:Active] config  b route list
    route default inet {
       gateway 172.28.19.254
    }
    
    [root@ve10:Active] config  b snat list
    No SNATs were found.
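
An added example, not part of any post in this thread: a small Python check that parses `b snat list` / `b virtual list` output in the shape quoted above and flags the two conditions discussed (automap SNAT on all origins, and no listener for server-initiated traffic). The function names and sample text are constructed for illustration, and it assumes that only a snat, a nat or an `ip forward` virtual passes server-initiated traffic.

```python
import re

# Constructed samples in the shape of the `b snat list` / `b virtual list` output quoted in the thread.
BEFORE = """\
snat nating {
   automap
   origins default inet
}
"""
AFTER = """\
virtual vs_incoming {
   pool pool_server
   destination 172.28.19.79:80
   profiles {
      http {}
   }
}
virtual vs_outgoing {
   ip forward
   destination any:any
}
"""

def parse_objects(text):
    """Return [(kind, name, [top-level attribute lines])] from brace-delimited bigpipe output."""
    objects, current, depth = [], None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):  # skip blank lines and shell prompts
            continue
        if depth == 0:
            m = re.match(r"(\w+)\s+(.+?)\s*\{$", line)
            current = (m.group(1), m.group(2), []) if m else None
            if current:
                objects.append(current)
        elif depth == 1 and current and line != "}":
            current[2].append(line.rstrip(" {}"))  # nested blocks keep only their name
        depth += line.count("{") - line.count("}")
    return objects

def audit(text):
    """Hypothetical checks for the two conditions discussed in the thread."""
    objs, findings = parse_objects(text), []
    for kind, name, attrs in objs:
        if kind == "snat" and "automap" in attrs and any(a.startswith("origins default") for a in attrs):
            findings.append(f"snat {name}: automap on all origins, peers see a BIG-IP self IP as source")
    if not any(k in ("snat", "nat") or (k == "virtual" and "ip forward" in a) for k, _, a in objs):
        findings.append("no ip-forward virtual, snat or nat: server-initiated traffic has no listener")
    return findings
```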