Forum Discussion
Gedeon_47787
Nimbostratus
NimbostratusAccess to internet - issue from internal VLAN with SNAT
I need to configure an F5-LC to permit the hosts in the Internal VLAN have access to internet, and trying to use a SNAT:
·
SNAT_Lab
o
Translation: Pool_SNAT_Lab
o
Address List: 192.168.58.10 (PC in internal VLAN)
o
VLAN Traffic: All VLANs
·
Pool_SNAT_Lab
o
Member list: 189.54.127.47 y 187.41.61.47 IP’s public of each link
·
PC test configuration is IP 192.168.58.10 with gw 192.168.58.3 (Floating IP of the internal VLAN) its attached to a switch connected to 1.3 interface of F5 that is IP 192.168.58.1
Cspillane_18296Hi JB,
a couple of things:
1) set the SNAT to automap - once we get it working you can then use your own SNAT addresses (which will usually be IP's on the external VLAN, not of another device!)
2) Set the VLAN traffic to the internal VLAN ONLY
3) If you must use a virtual server for the outbound traffic it'll be a wildcard VS (0.0.0.0:*) to allow all traffic out. The pool will be the gateway(s) of the BigIP. You also need to turn off address and port translation of the VS in this configuration (to send traffic THROUGH rather than TO the gateway).
Hope this helps!
If you're still stuck, take a tcpdump!
Chris
Gedeon_47787Chris,
Thanks for your reply...
I just tried with your suggestions, but with the same result. With my workstation I can ping any IP on internet, but cannot resolve any name. For example, can ping and tracert 65.61.115.197 but not support.f5.com or anything else.
My workstation config is:
IP 192.168.58.10
NM 255.255.255.0
GW 192.168.58.5 (VIP of F5)
DNS 192.168.58.5 (VIP of F5)
What more should I check out?- Gedeon_47787OK... all its fine now... it was a missed configuration.
The price of the newbies. - Cspillane_18296Glad you got it working :)
If you get anymore problems, we're happy to help!
Enjoy your LTM, hope you like them as much as I do!
Chris.