Forum Discussion
Cannot access the internet using a default gateway virtual server
I am a newbie; I am using a BIG-IP 2000 (version 11.6.0).
As a start, I want to create a simple network:
- Client PC
  - 10.0.0.1
  - 255.255.255.0
  - GW: 10.0.0.254 *connected to int VLAN. i.e. port 1.1
- BIG-IP System
  - ext router IP address: 172.16.100.17 - connected to port 1.2
  - pool: member (172.16.100.17)
  - virtual server: uses the above defined pool as the default. Type (Performance L4), Source address (0.0.0.0/0), Destination (0.0.0.0), port (all services)
  - Self IP: 172.16.100.19 (255.255.255.240) (ext VLAN untagged mapped 1.2)
  - Self IP: 10.0.0.254 (255.255.255.0) (int VLAN untagged mapped 1.1)
I can ping the ext router (172.16.100.17), but when I try to ping the internet, it says destination network unreachable. I did a tracert and found that the gateway (10.0.0.254) does not know how to forward the packets when pinging the internet. Also, in the statistics, no connections are shown to the virtual server, even though I can ping the ext router. I want to access the internet through the client PC.
Is there any configuration that I am missing here?
- VernonWells (Employee)
You must disable address and port translation on your Virtual Server. These are under the "Advanced" configuration. Without that, all traffic will be forwarded to the pool member using its IP address as the destination. Moreover, assuming you want to forward more than TCP traffic, you must change the Protocol to "*All Protocols". You almost certainly want to limit the VS to just your internal VLAN (change "VLAN and Tunnel Traffic" to "Enabled on..." and move the internal VLAN to the "Selected" box).
Incidentally, this can be achieved a different way. If you set the BIG-IP default route to 172.16.100.17, you could then use a "Forwarding (IP)" Virtual Server type, which uses the BIG-IP route table to forward traffic.
- Linda_01_162621 (Nimbostratus)
Thanks for the response.
However, I tried all the suggestions mentioned here.
- Disabling the address and port translation
- Defining a default route using the route object in configuration utility
- Use a Forwarding IP virtual server
- Enabled all protocols on the virtual server
- Enabled the virtual server ONLY on the internal VLAN (as suggested)
None of them are working. Should I be able to ping the Self IPs? How can I troubleshoot to see where the problem is? Tracert shows that the default gateway set in the test PC (self IP address on the internal VLAN - 10.0.0.254) does not know where to forward packets destined for a network that is not directly connected to the system. i.e. does not forward the traffic to the default gateway through the virtual server and the pool members (destination net unreachable).
- nitass (Employee)
Have you tried SNAT automap under virtual server configuration?
- Linda_01_162621 (Nimbostratus)
Thank you for the help.
I was able to sort out the problem; well, at least it's working now. I can ping Google from the test PC.
Virtual server: source 0.0.0.0/0, destination: 0.0.0.0. Source address translation (auto map).
Port and address translation (disable).
Re-created a default gateway route to use the pool that contains the external router. (Destination and Mask: 0.0.0.0).
I am not sure why it was not working, but it is working now.
THANKS
- Hamza (Cirrus)
Also Linda_01_162621, if "ip address translation" is disabled, the pool will be useful if the virtual server and pool member have the same IP address. So in your case it's not necessary to create a pool for the ext router.
You just need to configure a default route with the gateway (172.16.100.17).
- VernonWells (Employee)
Since you enabled automap SNAT, then when the traffic egresses the BIG-IP (toward the router), the BIG-IP changes the source address from that of the client to a self IP (of the BIG-IP) on the egress VLAN. This suggests that the router either does not have a route back to the client netblock, or that its route to the client netblock is not forwarded through the BIG-IP. In this case, the application of automap SNAT would make traffic work because the router and the BIG-IP share IP addresses in a common netblock on a common VLAN. Naturally, the router will have a route to a directly connected network.
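The packet path described in the replies above, modeled as an added example (not code from any poster or from F5). The addresses come from the thread; the router's route tables, the `8.8.8.8` sample destination and all function names are assumptions made for illustration.

```python
import ipaddress

# Addresses from the thread; the router's route tables below are assumptions.
CLIENT = ipaddress.ip_address("10.0.0.1")
EXT_SELF_IP = ipaddress.ip_address("172.16.100.19")   # BIG-IP self IP on ext VLAN
ROUTER = ipaddress.ip_address("172.16.100.17")        # pool member / ext router

# Assumed router table with no route back to the client netblock.
ROUTER_NO_RETURN = [("172.16.100.16/28", "connected"), ("0.0.0.0/0", "upstream")]
# Assumed alternative: static route for the client netblock via the BIG-IP.
ROUTER_WITH_RETURN = ROUTER_NO_RETURN + [("10.0.0.0/24", str(EXT_SELF_IP))]


def lookup(routes, dst):
    """Longest-prefix match; returns the next-hop label for dst."""
    matches = [(ipaddress.ip_network(n), hop) for n, hop in routes
               if dst in ipaddress.ip_network(n)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def egress(dst, translate_address, snat_automap):
    """(src, dst) of the packet as it leaves the BIG-IP toward the pool member."""
    out_dst = ROUTER if translate_address else ipaddress.ip_address(dst)
    out_src = EXT_SELF_IP if snat_automap else CLIENT
    return out_src, out_dst


def trace(dst, translate_address, snat_automap, router_routes):
    src, out_dst = egress(dst, translate_address, snat_automap)
    if out_dst == ROUTER:
        # Address translation rewrote the destination to the pool member itself.
        return "delivered to router, not forwarded"
    hop = lookup(router_routes, src)      # where the router sends the reply
    if hop == "connected" or hop == str(EXT_SELF_IP):
        return "reply returns via BIG-IP"
    return "reply lost (sent %s)" % hop


def scenarios(dst="8.8.8.8"):             # constructed sample destination
    return {
        "translation on": trace(dst, True, False, ROUTER_NO_RETURN),
        "translation off, no SNAT": trace(dst, False, False, ROUTER_NO_RETURN),
        "translation off, automap": trace(dst, False, True, ROUTER_NO_RETURN),
        "no SNAT, router has return route": trace(dst, False, False, ROUTER_WITH_RETURN),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:34s} -> {result}")
```
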
- Jessica_42876 (Nimbostratus)
Hi
I have a similar issue, could you please help, I can solve it.
https://community.f5.com/t5/technical-forum/destination-net-unreachable/m-p/137356
Jessy
- Yaree_263546 (Nimbostratus)
I had the same problem and I found the solution by changing the vmnet0 bridge from automatic to the associated Network Ethernet Adapter. Vmware>Edit>Virtual Network Adapter>vmnet0
- martinxgarrix_3 (Nimbostratus)
Hey, thanks a lot bro. Changing the vmnet0 solved the problem for me. I was not able to access the internet using the default gateway (10.0.0.1) virtual server, but now I can. Just follow the steps: Vmware>Edit>Virtual Network Adapter>vmnet0.
Thanks again