Simple routing issue?

Question

I'm having a bit of trouble understanding what small bit of information I'm missing that's causing me a bunch of grief. I've attached a network diagram to this message to help illustrate my configuration.&nbsp;
&nbsp;I have already set up the virtual server for forwarding, and this appears to work if and only if I have no NAT set up to get to the outside world. As soon as I set up a NAT to get to the outside world, then when I ping between 10.0.10.x and 10.0.11.x I see the public IP when I get the ICMP request (as viewed via tcpdump).&nbsp;
&nbsp;I can't imagine that this is that difficult; can anyone help me to understand what I'm overlooking? I have the forwarding VS set up for all VLANs, and when I set up the NAT, I set it to only be on the external VLAN.&nbsp;
&nbsp;Any suggestions?

hooleylist · Answer

I've never had much success with NATs and VIPs together.  In general, it's more effective to use a virtual server to pass the traffic.  If you want a one-to-one correlation between the virtual IP and the host, you can define a VIP pointing to a pool with the single host.  If you want to allow all ports, you can define the VIP and the pool member on port 0 (any port).&nbsp;
&nbsp;Aaron

kykong_107132 · Answer

Hi,
&nbsp;Normally I'll use SNAT automap for internet access instead of NAT. you can try to create a wildcard_vs with LTM default gateway as pool member. enable automap for this wildcard_vs. lastly, delete the NAT. following is the sample of the configuration.&nbsp;
&nbsp;pool default_gw {
&nbsp;  member 72.x.x.1:any
&nbsp;}&nbsp;
&nbsp;virtual wildcard_vs {
&nbsp; destination any:any
&nbsp; mask none
&nbsp; pool default_gw
&nbsp; snat automap
&nbsp;}&nbsp;
&nbsp;regards,
&nbsp;KY&nbsp;

Forum Discussion

Simple routing issue?

2 Replies

Recent Discussions

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Related Content

Issue on management route

Simple Sideband - iRule sideband the easy way

F5 Distributed Cloud - Customer Edge Site - Deployment & Routing Options

BIG-IP Solutions: Simple URL Redirects

BIG-IP BGP Routing Protocol Configuration And Use Cases