Can't communicate outside the Bigip

Question

I recently upgraded my standby bigip from 9.1.2 to 9.4.5 
&nbsp; I messed up and did not restore my config at the time so i had to manually configure it. 
&nbsp; After I configured the box from scratch (its configured identical the the active box (its still on 9.1.2) I get no connectivity to the outside network 
&nbsp; when i take out the default-gateway the nodes that are not on that network come up but the nodes that are on the same network as the default gateway stay down. 
&nbsp;  
&nbsp; any ideas if you understood this??

hooleylist · Answer

There must have been some object in the 9.1.2 config that was used to allow outbound access.  LTM is a default deny device so no traffic would pass through without a VIP, SNAT or NAT to do it.  You can configure one or more of these objects to allow outbound access.  A wildcard virtual server with destination address translation disabled would be the most configurable.  You can set it to forward if you want to use the routing table or you can specify a gateway pool if you have multiple routers.  You can check the LTM config guide on AskF5.com for more information. 
&nbsp;  
&nbsp; Aaron

smp_86112 · Answer

Last weekend I cut over to new hardware, and had what sounds to be similar symptoms. I could ping my default gateway, but when I tried to get past it, I got "network is unreachable". From outside I could ping the LTM, but could not ssh or pull up the management gui. I ended up restarting the LTM, and that resolved it.

adamsr1_1542 · Answer

here is my senero... I upgraded from 9.1.2 to 9.2.1  and missed the prompt to roll my config over so I continued to upgrade to 9.4.5. 
&nbsp; I then had to manually configure the box and i did it exactly to match the active box thats still on 9.1.2. 
&nbsp;  
&nbsp;  
&nbsp; VIP 10.10.10.60 
&nbsp; pool member 10.10.10.10 
&nbsp; pool member 10.10.10.9 
&nbsp;  
&nbsp; self ip 10.10.10.70 
&nbsp; self ip 10.10.10.69 floater 
&nbsp;  
&nbsp;  
&nbsp; self ip 10.10.10.80 
&nbsp; self ip 10.10.10.69 floater 
&nbsp;  
&nbsp;  
&nbsp; I have a snat list created and auto snat  enabled on the VIP's 
&nbsp; thses are all red they can't communicate with anything 
&nbsp;  
&nbsp; I have vips on different vlans  that are green but once I put a default gateway of 10.10.10.1 on my LTM the VIP's that were green instantly turn red and it was all working on vertion 9.1.2 
&nbsp;  
&nbsp;  
&nbsp;  
&nbsp;  
&nbsp;  
&nbsp;  
&nbsp;  &nbsp;

adamsr1_1542 · Answer

I SCREWED UP....HERE IS THE SENERO: 
&nbsp;  
&nbsp; here is my senero... I upgraded from 9.1.2 to 9.2.1 and missed the prompt to roll my config over so I continued to upgrade to 9.4.5.  
&nbsp; I then had to manually configure the box and i did it exactly to match the active box thats still on 9.1.2.  
&nbsp;  
&nbsp; VIP 10.10.10.60  
&nbsp; pool member 10.10.10.10  
&nbsp; pool member 10.10.10.9  
&nbsp;  
&nbsp;  
&nbsp; VIP 10.10.10.50 
&nbsp; pool member 10.10.10.8 
&nbsp; pool member 10.10.10.7 
&nbsp;  
&nbsp; self ip 10.10.10.70  
&nbsp; self ip 10.10.10.69 floater  
&nbsp;  
&nbsp; ROUTER 10.10.10.1 
&nbsp;  
&nbsp;  
&nbsp;  
&nbsp; I have a snat list created and auto snat enabled on the VIP's  
&nbsp; thses are all red they can't communicate with anything  
&nbsp;  
&nbsp; I have vips on different vlans that are green but once I put a default gateway of 10.10.10.1 on my LTM in the routing table  the VIP's that were green instantly turn red and it was all working on vertion 9.1.2  
&nbsp;  &nbsp;

Forum Discussion

Can't communicate outside the Bigip

4 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries R2600 Tenant sizing

About AWAF "Redirect URLs" in "Responses and Blocks"

ISP Bandwidth Utilization

F5 Rseries HA

Related Content

DevCentral Community Guidelines

DevCentral Community Ranking Explained

Community Learning Path: Multi-Cloud Networking

Community Highlights, Week 15 '23

Community Highlights, Week 48 '23