APM VPN ICMP not working

Question

So I have a little lab setup, and I have created a SSL VPN with a network access profile.  Everything TCP related works to my backend (HTTP; HTTPS etc), but for some reason I can't ping any backend server.  I just get a:&nbsp;
36 bytes from [self-ip-of-F5]: Dest Unreachable, Bad Code: 9&nbsp;
Now I've tried various things:
    1) Added ICMP allow all to ACLs (note: there are no other ACLs on the F5)
    2) Allowed SNAT for ALL traffic (under System -&gt; Configuration -&gt; Local Traffic -&gt; General)&nbsp;
But nothing works - I get the same error.&nbsp;
Now I know my SSL VPN VS is a TCP VS, but isn't the concept that there is a TCP tunnel between the client and the F5, and that the ICMP would come out of this tunnel, get SNATTED and then be able to get to the backend?&nbsp;

kunjan · Answer

Under Network Accesss config there is SNAT Pool, try changing it to AutoMap, also try proxy arp. &nbsp;

Forum Discussion

APM VPN ICMP not working

1 Reply

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

SSL Bridging and FQDN rewrite Policy

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

Could not communicate with the system. Try to reload page.

F5 BIG IP laboratory license

F5 mssql health monitor failing

Related Content

icmp of management firewall

Terraform LTM provider - ICMP disabled on resulting VIPs

Working with MasterKeys

APM variable assign examples

ICMP Custom Source Address Monitor

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS