Gordon_Bailey-M
Mar 22, 2017Historic F5 Account
APM VPN ICMP not working
So I have a little lab setup, and I have created a SSL VPN with a network access profile. Everything TCP related works to my backend (HTTP; HTTPS etc), but for some reason I can't ping any backend server. I just get a:
36 bytes from [self-ip-of-F5]: Dest Unreachable, Bad Code: 9
Now I've tried various things: 1) Added ICMP allow all to ACLs (note: there are no other ACLs on the F5) 2) Allowed SNAT for ALL traffic (under System -> Configuration -> Local Traffic -> General)
But nothing works - I get the same error.
Now I know my SSL VPN VS is a TCP VS, but isn't the concept that there is a TCP tunnel between the client and the F5, and that the ICMP would come out of this tunnel, get SNATTED and then be able to get to the backend?