Forum Discussion
Adeyinka
Nimbostratus
NimbostratusCANNOT ACCESS F5 VIRUAL SERVER GUI
Hello everyone,
I am currently facing the following issue.
I have configured:
- Management Interface
- Activated license and provisioned modules.
- Installed Device Certificate and SSL Certificate.
- Configured Platform Properties (DNS, NTP, FQDN, etc.)
- Configured the Network (VLANs, Self IP, Nodes, Virtual Server, Monitors, Routes etc.)
- Configured SNAT as Automap on Virtual Server
All IPs, Nodes, Pools, & Virtual Server are up and are showing GREEN.
I can reach the Virtual IP via ping (icmp) but cannot access it on the GUI (URL). It shows traffic reaching the Virtual Server from the statistics page but I still cannot access the GUI(URL). I can also reach the servers directly through ping (icmp) and URL.
Please help. It is urgent. Thank you.
- Paulius
MVP
Adeyinka Can you provide us the configuration of the virtual server and any associated configuration such as iRules, traffic policies, pools, and so on? At this point I would recommend performing a tcpdump to figure out if the requests are being sent to the servers and what they are responding with. You should be able to run the following but before doing that I would change from automap to snat pool and configure a snat pool list with 1 IP and it should be the IP of the virtual server in question.
tcpdump -nni 0.0:nnp host <f5_snaptpool_IP> -w /shared/tmp/mycapture.pcap
This tcpdump should provide you with the traffic from client -> VS and VS -> pool members. Typically the F5 will attempt to use the same ephemeral port so it should be relatively easy to filter this out in Wireshark to see the full client the F5 connection as well as the F5 to pool member connection.
AdeyinkaHello Paulius,
Thanks for the prompt response.
Do you mean a screenshot of the virtual server configuration page on the GUI? I can share that when next I connect w/ the client.
As for the tcp dump you stated above, is that the format of the command I will run as you posted? And I'm guessing that can be done via putty ssh into the management address? I will run that when next I connect with the client.
However, I should also note that the client does not want to change the gateway of the nodes (servers) to the F5 IP as this will mean loss of connection to the server. Is this a must to do? As this is a 2-arm configuration? Or must it be changed to 1-arm?
I look forward to your response.
- Paulius
Adeyinka The following are your questions and my answers.
1q. Do you mean a screenshot of the virtual server configuration page on the GUI?
1a. A screenshot would work of each piece but a CLI output would be even better.2q. As for the tcp dump you stated above, is that the format of the command I will run as you posted? And I'm guessing that can be done via putty ssh into the management address?
2a. The tcpdump above is the exact format and the only piece you would have to swap is the < > and what is between them.3q. However, I should also note that the client does not want to change the gateway of the nodes (servers) to the F5 IP as this will mean loss of connection to the server. Is this a must to do? As this is a 2-arm configuration? Or must it be changed to 1-arm?
3a. As long as you have SNAT enabled, preferrably snat pool list rather than automat you should be fine without any gateway changes. If you aren't going to have the F5 as the gateway you should just configure it in one-arm mode instead of in path. If you intend to eventually make the F5 the gateway then you can leave it in path.
- whisperer
If this is urgent, please raise a sev1 support ticket with F5 Support.
That said. Did you check the network? The subnet for the VIPs should have self IPs in the F5 BIGIP. These IP addresses are used for SNAT auto map. However, did you also make sure that the internal network has a route for that subnet pointing to the F5 self IP (standalone) or floating self IP (HA)?
