Forum Discussion

Yasir_Irfan_194's avatar
Yasir_Irfan_194
Icon for Nimbostratus rankNimbostratus
Apr 12, 2017

Can't access virtual server IP from browser , however I can ping and telnet on port 80

Hi All,

 

I am new to f5, I am watching CBT nuggets ( Kieth) and build a topology using f5 VM. I have created 3 nodes with an IP 10.2.0.128,10.2.0.129 & 10.2.0.130(internal network) and mapped them to virtual server IP 192.168.1.177 (external network)for http service. From external network pc I can ping the VIP 192.168.1.177 and can telnet the same on port 80. However I cannot access it by browser. I could see the packets are received but there is no return traffic logs.

 

Also I have created a custom http monitor with following parameters GET /\r\n\r\n. All the nodes are up , pools are up. Can any one shed why this issue is persisting in the lab.

 

Cheers

 

Yasir

 

  • Hi All,

     

    You need to create a SNAT.

    Local Traffic >> Address Translation >>SNAT List

     

    Create new one with Translation Type 'Automap'

  • Hi,

     

    We have issuing the same issue. And the SNAT is configured to Automap. Can anyone meet this problem and is there any solution for that ?

     

  • Remove monitor Shell into the F5. Run: tcpdump -s0 -X -nnni 0.0 host 10.2.0.128 or host 10.2.0.129 or host 10.2.0.130

     

    Test connection.

     

    What do you see?

     

    BR Jan

     

  • Hi Jan,

     

    Thanks a lot for response.

     

    Our issue is related only to the Virtual Server IP address: we can ping it and can telnet the same on port 80. However we cannot access it by browser.

     

    For the Pool Servers, we don't have any issues. We can telnet them on port 80 and access them by browser. By we can't access the VIP by browser. I think the LTM feature is not functioning despite all the configuration is OK

     

    Regards, Ahmed

     

  • OK, hang on. You say you can telnet? So if you telnet to the virtual server:

    telnet 10.10.10.10 80 
    
    GET / HTTP/1.1 
    
    HOST:127.0.0.1 
    
    CONNECTION:close 
    

    Get you what response?

  • hi Yasir, i would like to remind you to check the default gateway on your web servers. make sure those are set correctly.

     

    • janholtz's avatar
      janholtz
      Icon for Altostratus rankAltostratus

      Default gateway should have no bearing if we are using SNAT.

       

      IF:

       

      1) Client can connect to virtual server

       

      2) F5 can connect to back-end hosts.

       

      We should only need correct SNAT, and we'll be happy.

       

      Some caveats for condition 2:

       

      Remember that when you telnet / curl from the LTM command line, it will ALWAYS use non-floating IP address to get to the back-ends.

       

      When you use a client machine, and hit the virtual server with SNAT automap, it will ALWAYS try to use the floating ip address to it's internal VLAN (if assigned), and THEN non-floating.

       

      ALL of the above are predicated on the premise that NONE of the traffic is trying to go / get to / from the management interface, in which case all bets are off and reality is guaranteed to get distorted.

       

      DO NOT use the management IP / interface for anything besides management. It will not work... you will make yourself unhappy.

       

      //Jan

       

    • Andy_304337's avatar
      Andy_304337
      Icon for Cirrus rankCirrus

      Hi Yasir

       

      You can try this command to see if your client ip is hitting snat and/or vip.

       

      Tmsh show sys coonection | grep [client ip]

       

      The snat ip wud generally be on 2nd column & vip be on 3rd or 4th column.

       

      Let us know the result.

       

  • Hi all,

     

    Is this issue still there?!

    Am facing the same problem but am not able to find a solution for it.

     

    Can anyone help please ?

  • Hey Man, 

    I am rookie with F5 as well, and experienced the same issue as you, in fact I had both, one with HTTP_VS and other with HHTPS_VS. 

    The fist one I solved anabling "automap" in HHTP_VS

    The second one I in the second I had forgotten to select a certificate in the SSL Profile (client) side

     

    I hope you have already solved your problem, anyway, here's the tip for the next rookie.