Making F5 as the Gateway - Need Step-by-Step Instructions

Question

Hi All, Here is my scenario - I have 2 exchange servers with default gateway to nexus switch 10.121.1.1 in vlan 622 I have VIP 10.221.16.24 - Uplink Vlan to Nexus - vlan 681 gw 10.121.16.1 I have snat automap - everything is working fine&nbsp;
Now they want to see clientIPs and i have to setup F5 as the gateway. &nbsp;
What I've done so far - Change Def GW on servers to point to F5 Self-IP Turn Off SNAT on VS Add a Forwarding IP (layer 2) with 0.0.0.0/0 - fastL4 profile - allowed vlan - Uplink Vlan to Nexus&nbsp;
Load Balanced traffic is working fine - but we can't access the server directly. &nbsp;
What configuration do i need on F5 and Nexus to get this working. ? Find lots of threads on thsi but can't undertand clearly and apply to my situation. Thanks for help in advance. &nbsp;

amolari · Answer

allowed Vlan should be the one on the client side. Is it the case?&nbsp;

eric_st__john · Answer

A few things:&nbsp;
You mention Forwarding IP, and Layer 2 Virtual Server.  These are 2 different types of virtual servers, you should be using a Forwarding IP Virtual Server, not a Layer 2.&nbsp;
Do you have a route on the Nexus switch pointing 10.121.1.0/24 to the BIG-IP on the 10.121.16.0 network?   You want to make sure that the traffic is flowing through the BIG-IP in both directions. &nbsp;
The Forwarding IP virtual server should be enabled on All VLANs, or at least both of the VLANs that traffic is flowing in and out of, in order to allow access to the servers and to allow the servers access out of their VLAN. &nbsp;
I suspect the issue is the second, and traffic is flowing around the BIG-IP as it arrives to the server, the server is sending the SYN ACK to the BIG-IP and the BIG-IP is dropping it. &nbsp;
If there are other servers on this VLAN and you cannot route all traffic through the BIG-IP, then you will have to enable Loose Initiate and Loose Close on the FastL4 profile that you assign to the Forwarding IP VS.&nbsp;

mfkk531_168091 · Answer

Do you have a route on the Nexus switch pointing 10.121.1.0/24 to the BIG-IP on the 10.121.16.0 network? &nbsp;
Can you please describe how do i achieve this? or a specific static route command for this&nbsp;

eric_st__john · Answer

You would configure a static route on the Nexus switch:&nbsp;
ip route 10.121.1.0 255.255.255.0 &nbsp;

mfkk531_168091 · Answer

Thanks - I have the static route on the Nexus. Now on the FwdIP im facing a issue in src and dest&nbsp;
I have vlan622 - Servers in Route Domain %16&nbsp;
I have vlan681 - VIPS in Route Domain %15&nbsp;
What should my src and dest be on this fwd VS?&nbsp;

Forum Discussion

Making F5 as the Gateway - Need Step-by-Step Instructions

8 Replies

Recent Discussions

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Related Content

Step-by-step guide to build a F5 AWAF lab on Google Cloud

add core guest step by step on active standby guest

Hands-on C: Understanding Pointers step by step

steps to configuring mx record by using wide IP

Big-IP installation step by step guide