Forum Discussion
CANNOT ACCESS F5 VIRUAL SERVER GUI
Adeyinka Can you provide us the configuration of the virtual server and any associated configuration such as iRules, traffic policies, pools, and so on? At this point I would recommend performing a tcpdump to figure out if the requests are being sent to the servers and what they are responding with. You should be able to run the following but before doing that I would change from automap to snat pool and configure a snat pool list with 1 IP and it should be the IP of the virtual server in question.
tcpdump -nni 0.0:nnp host <f5_snaptpool_IP> -w /shared/tmp/mycapture.pcap
This tcpdump should provide you with the traffic from client -> VS and VS -> pool members. Typically the F5 will attempt to use the same ephemeral port so it should be relatively easy to filter this out in Wireshark to see the full client the F5 connection as well as the F5 to pool member connection.
- AdeyinkaJul 05, 2023Nimbostratus
Hello Paulius,
Thanks for the prompt response.
Do you mean a screenshot of the virtual server configuration page on the GUI? I can share that when next I connect w/ the client.
As for the tcp dump you stated above, is that the format of the command I will run as you posted? And I'm guessing that can be done via putty ssh into the management address? I will run that when next I connect with the client.
However, I should also note that the client does not want to change the gateway of the nodes (servers) to the F5 IP as this will mean loss of connection to the server. Is this a must to do? As this is a 2-arm configuration? Or must it be changed to 1-arm?
I look forward to your response.
- PauliusJul 05, 2023MVP
Adeyinka The following are your questions and my answers.
1q. Do you mean a screenshot of the virtual server configuration page on the GUI?
1a. A screenshot would work of each piece but a CLI output would be even better.2q. As for the tcp dump you stated above, is that the format of the command I will run as you posted? And I'm guessing that can be done via putty ssh into the management address?
2a. The tcpdump above is the exact format and the only piece you would have to swap is the < > and what is between them.3q. However, I should also note that the client does not want to change the gateway of the nodes (servers) to the F5 IP as this will mean loss of connection to the server. Is this a must to do? As this is a 2-arm configuration? Or must it be changed to 1-arm?
3a. As long as you have SNAT enabled, preferrably snat pool list rather than automat you should be fine without any gateway changes. If you aren't going to have the F5 as the gateway you should just configure it in one-arm mode instead of in path. If you intend to eventually make the F5 the gateway then you can leave it in path.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com