Forum Discussion
Yasir_Irfan_194
Nimbostratus
NimbostratusCan't access virtual server IP from browser , however I can ping and telnet on port 80
Hi All,
I am new to f5, I am watching CBT nuggets ( Kieth) and build a topology using f5 VM. I have created 3 nodes with an IP 10.2.0.128,10.2.0.129 & 10.2.0.130(internal network) and mapped them to virtual server IP 192.168.1.177 (external network)for http service. From external network pc I can ping the VIP 192.168.1.177 and can telnet the same on port 80. However I cannot access it by browser. I could see the packets are received but there is no return traffic logs.
Also I have created a custom http monitor with following parameters GET /\r\n\r\n. All the nodes are up , pools are up. Can any one shed why this issue is persisting in the lab.
Cheers
Yasir
Usually SNAT related,
Use a SNATPool or Snat Automap....
IainThomson85_1Cumulonimbus
Usually SNAT related,
Use a SNATPool or Snat Automap....
TKThamiraHi All,
You need to create a SNAT.
Local Traffic >> Address Translation >>SNAT List
Create new one with Translation Type 'Automap'
ahmed_bouja_303Hi,
We have issuing the same issue. And the SNAT is configured to Automap. Can anyone meet this problem and is there any solution for that ?
- janholtz
Altostratus
Remove monitor Shell into the F5. Run: tcpdump -s0 -X -nnni 0.0 host 10.2.0.128 or host 10.2.0.129 or host 10.2.0.130
Test connection.
What do you see?
BR Jan
- ahmed_bouja_303
Hi Jan,
Thanks a lot for response.
Our issue is related only to the Virtual Server IP address: we can ping it and can telnet the same on port 80. However we cannot access it by browser.
For the Pool Servers, we don't have any issues. We can telnet them on port 80 and access them by browser. By we can't access the VIP by browser. I think the LTM feature is not functioning despite all the configuration is OK
Regards, Ahmed
- janholtz
OK, hang on. You say you can telnet? So if you telnet to the virtual server:
telnet 10.10.10.10 80 GET / HTTP/1.1 HOST:127.0.0.1 CONNECTION:closeGet you what response?
- sasi60_360261
hi Yasir, i would like to remind you to check the default gateway on your web servers. make sure those are set correctly.
- janholtz
Default gateway should have no bearing if we are using SNAT.
IF:
1) Client can connect to virtual server
2) F5 can connect to back-end hosts.
We should only need correct SNAT, and we'll be happy.
Some caveats for condition 2:
Remember that when you telnet / curl from the LTM command line, it will ALWAYS use non-floating IP address to get to the back-ends.
When you use a client machine, and hit the virtual server with SNAT automap, it will ALWAYS try to use the floating ip address to it's internal VLAN (if assigned), and THEN non-floating.
ALL of the above are predicated on the premise that NONE of the traffic is trying to go / get to / from the management interface, in which case all bets are off and reality is guaranteed to get distorted.
DO NOT use the management IP / interface for anything besides management. It will not work... you will make yourself unhappy.
//Jan
Andy_304337Cirrus
Hi Yasir
You can try this command to see if your client ip is hitting snat and/or vip.
Tmsh show sys coonection | grep [client ip]
The snat ip wud generally be on 2nd column & vip be on 3rd or 4th column.
Let us know the result.
Mohamed_FadhulHi all,
Is this issue still there?!
Am facing the same problem but am not able to find a solution for it.
Can anyone help please ?
David_Anderson_Hey Man,
I am rookie with F5 as well, and experienced the same issue as you, in fact I had both, one with HTTP_VS and other with HHTPS_VS.
The fist one I solved anabling "automap" in HHTP_VS
The second one I in the second I had forgotten to select a certificate in the SSL Profile (client) side
I hope you have already solved your problem, anyway, here's the tip for the next rookie.