John_K_375235
Oct 23, 2018

How do I source an ICMP ping echo from virtual server IP?

I have a virtual server on an LTM with an IP of 10.5.42.115. It is communicating over an IPsec VPN tunnel to a customer in AWS. The VIP is the only host in the encryption domain (SA) on our side. AWS cannot initialize a VPN, they only respond. Therefore, when the tunnel times out I have to send them a packet from 10.5.42.115 to bring the tunnel back up. I have a loopback on a switch behind my ASA (VPN endpoint) with 10.5.42.115 assigned to it in a down state. When the tunnel goes down I have to no shut the loopback and ping a server on their side to bring it back up. I then have to no shut the loopback so that the traffic actually gets to the F5. I have to imagine there's a way the F5 can resolve my problem. I am thinking an iRule.

 

TLDR: I need to send an ICMP echo ping from a virtual server IP address periodically to keep a VPN tunnel alive.

 

1 Reply

  • The ping utility doesn't seem to like virtual server addresses or floating self IP addresses when using the '-I' flag, so I don't think you can -directly- generate ICMP traffic from an F5 using a virtual server address.

     

    I think you can create a forwarding virtual server, and apply a SNAT to the traffic handled by the virtual server, where the source translation address is the desired virtual server address. Then you just need something 'behind' the F5 to generate the ICMP traffic.

     

    https://support.f5.com/csp/article/K7366