Forum Discussion

jeffgriesel_245
May 13, 2016

SNAT Virtual Server is sending ICMP Destination Unreachable to Source Server

I have several servers sitting behind an F5 LTM running 11.6 HF6. When they send a UDP packet that the Virtual Server defines to be SNATed, they instead get an ICMP message of Destination Unreachable / Administratively Filtered.


A little more background.


The servers sit behind an F5 LTM that is configured in a one-armed setup. The F5's default route is the upstream L3 switch HSRP IP address. The servers have their default GW set to the F5 cluster's floating IP address.


There is an Outbound Forwarding Virtual Server configured with a Source of 0.0.0.0/0 and a Destination of 0.0.0.0/0, and a modified fastL4 profile that has Loose Initiation and Loose Close selected. This is working as desired.


There are 7 inbound Virtual Servers that forward traffic hitting a VIP for specific ports / protocol to the servers. This is working as desired.


There is an Outbound SNAT Virtual Server set up with a Source of the server subnet (I have also tried sourcing just an individual server) and a Destination of 0.0.0.0/0, looking for UDP packets with a destination port of 1700 to then be SNATed to the VIP IP address used in the other inbound Virtual Servers.


This is NOT working. I am seeing from packet captures on the F5 and on the servers themselves that they send out the UDP destination port 1700 packet, and a few milliseconds later the F5 sends an ICMP Destination Unreachable / Communication administratively filtered message to the server.


The servers are sending and receiving TCP and UDP traffic on all other ports with no apparent issues, except for this Outbound SNAT Virtual Server.


One thing I have tried is setting System > Configuration > Local Traffic > SNAT from "TCP and UDP only" to "All traffic", but this has not changed the behavior. I have searched the Answers but have not seen anything that gives me a hint as to what to change next.


So any thoughts on what I need to change to get this to work?


6 Replies

  • Does the outbound VS for the UDP 1700 port have a VLAN specified? Can you show us the configuration for that VS?


    • jeffgriesel_245
      Here are the configs on the VS:
      ltm virtual /Common/ISE_radius_coa_snat {
          description "VIP for ISE return COA traffic"
          destination /Common/0.0.0.0:1700
          ip-protocol udp
          mask any
          profiles {
              /Common/udp { }
          }
          source 199.6.162.10/32
          source-address-translation {
              pool /Common/ISE_radius_coa_snatpool
              type snat
          }
          translate-address enabled
          translate-port enabled
          vlans {
              /Common/ISE_VLAN15
          }
          vlans-enabled
      }

      ltm snat-translation /Common/199.6.162.9 {
          address 199.6.162.9
          inherited-traffic-group true
          traffic-group /Common/traffic-group-1
      }

      ltm snatpool /Common/ISE_radius_coa_snatpool {
          members {
              /Common/199.6.162.9
          }
      }
  • I compared your config with an outbound virtual server configuration that's working on one of our boxes. Some of the differences I noticed were:

    • Address translation and port translation are unchecked.
    • We used a Fast Layer 4 profile. We selected the all protocols option because we needed to SNAT more types of traffic.
    ltm virtual /Common/website_outbound_vs {
        description "Source nats the outbound connections of website server, so they exit with the IP of the VS"
        destination /Common/0.0.0.0:0
        mask any
        profiles {
            /Common/fastL4 { }
        }
        source 10.88.100.116/32
        source-address-translation {
            pool /Common/website_snatpool
            type snat
        }
        translate-address disabled
        translate-port disabled
        vlans {
            /Common/vlan_servers
        }
        vlans-enabled
    }

    ltm snat-translation /Common/10.88.100.43 {
        address 10.88.100.43
        inherited-traffic-group true
        traffic-group /Common/traffic-group-1
    }

    ltm snatpool /Common/sitioweb_snatpool {
        members {
            /Common/10.88.100.43
        }
    }
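As an added check (not code from this thread or from F5), the following Python script parses tmsh output like the two configs posted above and flags the points the replies raise: translate-address/translate-port enabled on a SNAT virtual server, a snatpool that is referenced but not defined, and no VLAN restriction. It assumes tmsh output with whitespace around braces; the embedded input is the asker's config as posted.

```python
import shlex

# tmsh keys that take one value; any other token not followed by "{" is a bare flag
VALUE_KEYS = {"description", "destination", "mask", "source", "ip-protocol", "pool", "type",
              "address", "inherited-traffic-group", "traffic-group", "translate-address", "translate-port"}

def _parse_block(tokens, pos):
    """Parse tokens inside { ... } into a dict; return (dict, index after the closing '}')."""
    block = {}
    while pos < len(tokens) and tokens[pos] != "}":
        key = tokens[pos]
        if pos + 1 < len(tokens) and tokens[pos + 1] == "{":
            block[key], pos = _parse_block(tokens, pos + 2)   # nested block
        elif key in VALUE_KEYS and pos + 1 < len(tokens):
            block[key], pos = tokens[pos + 1], pos + 2        # key value
        else:
            block[key], pos = True, pos + 1                   # flag such as vlans-enabled
    return block, pos + 1

def parse_tmsh(text):
    """Group top-level objects as {"ltm virtual": {name: body}, "ltm snatpool": ...}."""
    tokens, pos, objects = shlex.split(text), 0, {}
    while pos + 3 < len(tokens) and tokens[pos + 3] == "{":
        kind, name = f"{tokens[pos]} {tokens[pos + 1]}", tokens[pos + 2]
        body, pos = _parse_block(tokens, pos + 4)
        objects.setdefault(kind, {})[name] = body
    return objects

def lint_snat_vs(objects):
    """Report, per SNAT virtual server, the settings questioned in this thread."""
    findings, pools = [], objects.get("ltm snatpool", {})
    for name, vs in objects.get("ltm virtual", {}).items():
        sat = vs.get("source-address-translation")
        if not isinstance(sat, dict) or sat.get("type") != "snat":
            continue                                          # not a SNAT virtual server
        for key in ("translate-address", "translate-port"):
            if vs.get(key) == "enabled":
                findings.append((name, f"{key} enabled (disabled in the working config)"))
        if sat.get("pool") not in pools:
            findings.append((name, f"snatpool {sat.get('pool')} is not defined"))
        if not vs.get("vlans-enabled") or not vs.get("vlans"):
            findings.append((name, "no VLAN restriction (vlans-enabled plus a vlans list)"))
    return findings

# Constructed input: the asker's config as posted in this thread
ASKER_CONFIG = """
ltm virtual /Common/ISE_radius_coa_snat { description "VIP for ISE return COA traffic" destination /Common/0.0.0.0:1700 ip-protocol udp mask any profiles { /Common/udp { } } source 199.6.162.10/32 source-address-translation { pool /Common/ISE_radius_coa_snatpool type snat } translate-address enabled translate-port enabled vlans { /Common/ISE_VLAN15 } vlans-enabled }
ltm snat-translation /Common/199.6.162.9 { address 199.6.162.9 inherited-traffic-group true traffic-group /Common/traffic-group-1 }
ltm snatpool /Common/ISE_radius_coa_snatpool { members { /Common/199.6.162.9 } }
"""
```

Run on the reply's config it also reports that the VS references /Common/website_snatpool while the snatpool defined is /Common/sitioweb_snatpool.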
  • Did you solve the issue? I am facing the same one and have not found a solution yet.


    Thank you