Forum Discussion

G_Georgievv1_36's avatar
G_Georgievv1_36
Icon for Nimbostratus rankNimbostratus
Jul 30, 2018

ARP problem with F5

Hi all, we have deployed BIG IP 13.1.0 in our customer and everything is working fine exept two things:

 

The F5 has virtual server in network (let's call this network X) , which acts as forwarding proxy. The problem is that, communication between hosts in network X is very strange. When we ping from some host A to another host B the ping is successful, but the arp table on host A says that MAC address on host B is the F5 ?? F5 only has some address in this network, that's all.

 

The second problem is that FTP is not working. When clients wants to reach some ftp severs outside the organization is not working. We have virtual servers for ftp, but still we face this problem.. What could be the problem ?

 

application delivery
arp
BIG-IP
ftp
Secure Web Gateway

9 Replies

Sort By
  • RaghavendraSY_7's avatar
    RaghavendraSY_7
    Icon for Cumulonimbus rankCumulonimbus
    Jul 30, 2018

    Hi,

     

    For FTP issue just verify SNAT configurations. Can you please provide your virtual server configurations?

     

    • G_Georgievv1_36's avatar
      G_Georgievv1_36
      Icon for Nimbostratus rankNimbostratus
      Jul 30, 2018

      Hi, this is the ftp virtual server configuration:

       

      ltm virtual ftp-catch { destination 10.65.4.247:ftp ip-protocol tcp mask 255.255.255.255 profiles { http-explicit { } tcp { } } source 0.0.0.0/0 translate-address enabled translate-port enabled vs-index 14 }

       

  • RaghavendraSY's avatar
    RaghavendraSY
    Icon for Altostratus rankAltostratus
    Jul 30, 2018

    Hi,

     

    For FTP issue just verify SNAT configurations. Can you please provide your virtual server configurations?

     

    • G_Georgievv1_36's avatar
      G_Georgievv1_36
      Icon for Nimbostratus rankNimbostratus
      Jul 30, 2018

      Hi, this is the ftp virtual server configuration:

       

      ltm virtual ftp-catch { destination 10.65.4.247:ftp ip-protocol tcp mask 255.255.255.255 profiles { http-explicit { } tcp { } } source 0.0.0.0/0 translate-address enabled translate-port enabled vs-index 14 }

       

  • Surgeon's avatar
    Surgeon
    Ret. Employee
    Jul 30, 2018

    It is better if you create another case for arp or ftp. Otherwise it will be a challenge to track the case

     

  • RaghavendraSY_7's avatar
    RaghavendraSY_7
    Icon for Cumulonimbus rankCumulonimbus
    Jul 30, 2018

    Please try enabling SNAT for above VIP so destinatio can see F5 Floating IP's as a source IP. I hope F5 floating IP's are allowed on destination end firewalls.

     

    • G_Georgievv1_36's avatar
      G_Georgievv1_36
      Icon for Nimbostratus rankNimbostratus
      Jul 31, 2018

      Hmmm I added SNAT but it's still not working . I'm tryng to go to ftp.symantec.com, so i think the destination firewall rules, aren't bothering me

       

  • RaghavendraSY's avatar
    RaghavendraSY
    Icon for Altostratus rankAltostratus
    Jul 30, 2018

    Please try enabling SNAT for above VIP so destinatio can see F5 Floating IP's as a source IP. I hope F5 floating IP's are allowed on destination end firewalls.

     

    • G_Georgievv1_36's avatar
      G_Georgievv1_36
      Icon for Nimbostratus rankNimbostratus
      Jul 31, 2018

      Hmmm I added SNAT but it's still not working . I'm tryng to go to ftp.symantec.com, so i think the destination firewall rules, aren't bothering me