Forum Discussion

akqadm_158140's avatar
akqadm_158140
Icon for Nimbostratus rankNimbostratus
May 27, 2014

static routes in 1 Route Domain between different VLANS

Hello, I have problems with static routing on my F5 Cluster. My setup is as follows

 

Server---VlanX-----F5-----VlanY-----Firewall

 

Vlan X and Y are diffents IP Netzworks but both in the same Route-Domain. I need to implement a default Route on The F5 to direct all traffic coming from Vlanx to the Firewall. What I tryed so far is setting up a static route entry and a Forward Virtual Server for this Route-Domain but it just don´t works. What do I forget here or what am I doing wrong? i´m using BIG-IP v11.5.1 btw Kind regards akadm

 

APM
application delivery
deployment
LTM
security
TMOS

5 Replies

Sort By
  • Thomas_Gobet's avatar
    Thomas_Gobet
    Icon for Nimbostratus rankNimbostratus
    May 27, 2014

    Hi,

     

    You have to use a Virtual Server in forwarding state, but destination IP must be 0.0.0.0/0 if you want to use it as a default condition.

     

    And if your F5 isn't the default gateway on your firewall, you'll have to apply SNAT.

     

  • akqadm_158140's avatar
    akqadm_158140
    Icon for Nimbostratus rankNimbostratus
    May 27, 2014

    Thanks for your reply,

     

    the F5 is the default gateway of my Firewall so i think i do not need SNAT here. But it does not work if I set the Destination of my virtual Server to 0.0.0.0/0. It only wokrs when i set it to dedicated IPs like 8.8.8.8 for google.de or another host IP in my local network. But it don´t works with all zero .... But I don´t want to configure a VS per Destiantion IP.....

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    May 27, 2014

    But it does not work if I set the Destination of my virtual Server to 0.0.0.0/0.

    can you post the virtual server configuration?

     tmsh list ltm virtual (name)
  • akqadm_158140's avatar
    akqadm_158140
    Icon for Nimbostratus rankNimbostratus
    May 27, 2014

    Hi, of course :) Do not wonder about the name it is just for testing :)

     

    ltm virtual dlfiud { address-status no destination 0.0.0.0%3:any ip-forward ip-protocol tcp mask any profiles { fastL4 { } } source 10.246.67.0%3/27 translate-address disabled translate-port disabled vs-index 18

     

  • akqadm_158140's avatar
    akqadm_158140
    Icon for Nimbostratus rankNimbostratus
    May 27, 2014

    I just saw that allowed protocols of my VS was set to TCP. I changed to all protocols and now it seems to work :) I will test now.