AWS Issue with F5/LTM
We are trying to implement a standalone LTM in AWS. Eventually GTM, but let's get some basics working first :)
Network is 172.22.0.0/16 with 2 subnets. 172.22.1.0 for MGMT and 172.22.2.0 for DMZ.
All AWS ACLs, SGs, and instance firewalls have been disabled or set up to allow an Any/Any scenario. All networks/IPs/protocols are/were accessible from the 10.0.0.0/8 corporate network via VPN prior to implementing F5.
F5 Mgmt IP is 172.22.1.25 and DMZ IP is 172.22.2.250. F5 GW for 172.22.2.0 network is 172.2.1 or AWS GW.
Instances in the DMZ have a GW of the F5 or 172.22.2.250.
Virtual Server 1 is an Any/Any IP Forward port/protocol. Virtual Server 2 is a port 80 forward to an IIS web server.
Traffic going to the web server works. Traffic going direct to the server does not. Say RDP for example. Setting up another VS for RDP then it works.
From the instance, trying to ping anything 10.0.0.0/8 does not work currently unless changing the GW back to the AWS Gateway.
Thoughts? We have this same setup working without issue in an on-prem solution, so I have to be missing something somewhere!!
1 Reply
- Daniel_Epperson
Employee
Perhaps the added layer of complexity of the VPN combined with the differences of a BIG-IP in AWS are making things more challenging. Working with networking in AWS is probably much different than your on-site solution. For example, everything is routed in AWS, there is no real L2. I would recommend getting a BIG-IP test system and pool members set up in the same VPC so that you can grasp one technology change at a time. Once that solution is working, add in the VPN.