Can't communicate outside the Bigip

Question

I recently upgraded my standby bigip from 9.1.2 to 9.4.5 
&nbsp; I messed up and did not restore my config at the time so i had to manually configure it. 
&nbsp; After I configured the box from scratch (its configured identical the the active box (its still on 9.1.2) I get no connectivity to the outside network 
&nbsp; when i take out the default-gateway the nodes that are not on that network come up but the nodes that are on the same network as the default gateway stay down. 
&nbsp;  
&nbsp; any ideas if you understood this??

hoolio · Answer

There must have been some object in the 9.1.2 config that was used to allow outbound access.  LTM is a default deny device so no traffic would pass through without a VIP, SNAT or NAT to do it.  You can configure one or more of these objects to allow outbound access.  A wildcard virtual server with destination address translation disabled would be the most configurable.  You can set it to forward if you want to use the routing table or you can specify a gateway pool if you have multiple routers.  You can check the LTM config guide on AskF5.com for more information. 
&nbsp;  
&nbsp; Aaron

smp_86112 · Answer

Last weekend I cut over to new hardware, and had what sounds to be similar symptoms. I could ping my default gateway, but when I tried to get past it, I got "network is unreachable". From outside I could ping the LTM, but could not ssh or pull up the management gui. I ended up restarting the LTM, and that resolved it.

adamsr1_1542 · Answer

here is my senero... I upgraded from 9.1.2 to 9.2.1  and missed the prompt to roll my config over so I continued to upgrade to 9.4.5. 
&nbsp; I then had to manually configure the box and i did it exactly to match the active box thats still on 9.1.2. 
&nbsp;  
&nbsp;  
&nbsp; VIP 10.10.10.60 
&nbsp; pool member 10.10.10.10 
&nbsp; pool member 10.10.10.9 
&nbsp;  
&nbsp; self ip 10.10.10.70 
&nbsp; self ip 10.10.10.69 floater 
&nbsp;  
&nbsp;  
&nbsp; self ip 10.10.10.80 
&nbsp; self ip 10.10.10.69 floater 
&nbsp;  
&nbsp;  
&nbsp; I have a snat list created and auto snat  enabled on the VIP's 
&nbsp; thses are all red they can't communicate with anything 
&nbsp;  
&nbsp; I have vips on different vlans  that are green but once I put a default gateway of 10.10.10.1 on my LTM the VIP's that were green instantly turn red and it was all working on vertion 9.1.2 
&nbsp;  
&nbsp;  
&nbsp;  
&nbsp;  
&nbsp;  
&nbsp;  
&nbsp;  &nbsp;

adamsr1_1542 · Answer

I SCREWED UP....HERE IS THE SENERO: 
&nbsp;  
&nbsp; here is my senero... I upgraded from 9.1.2 to 9.2.1 and missed the prompt to roll my config over so I continued to upgrade to 9.4.5.  
&nbsp; I then had to manually configure the box and i did it exactly to match the active box thats still on 9.1.2.  
&nbsp;  
&nbsp; VIP 10.10.10.60  
&nbsp; pool member 10.10.10.10  
&nbsp; pool member 10.10.10.9  
&nbsp;  
&nbsp;  
&nbsp; VIP 10.10.10.50 
&nbsp; pool member 10.10.10.8 
&nbsp; pool member 10.10.10.7 
&nbsp;  
&nbsp; self ip 10.10.10.70  
&nbsp; self ip 10.10.10.69 floater  
&nbsp;  
&nbsp; ROUTER 10.10.10.1 
&nbsp;  
&nbsp;  
&nbsp;  
&nbsp; I have a snat list created and auto snat enabled on the VIP's  
&nbsp; thses are all red they can't communicate with anything  
&nbsp;  
&nbsp; I have vips on different vlans that are green but once I put a default gateway of 10.10.10.1 on my LTM in the routing table  the VIP's that were green instantly turn red and it was all working on vertion 9.1.2  
&nbsp;  &nbsp;

Forum Discussion

Can't communicate outside the Bigip

Recent Discussions

SNI Sites not taking correct certificate.

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

Can i apply ddos profile on virtual server using port range

ASM Export JSON - size Limit ?

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

Related Content

2025 Community MVP Announcement

Community at AppWorld 2025

DevCentral Community Guidelines

DevCentral Community Ranking Explained

Community Learning Path: Multi-Cloud Networking

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS