Forum Discussion
adamsr1_1542
Nimbostratus
NimbostratusCan't communicate outside the Bigip
I recently upgraded my standby bigip from 9.1.2 to 9.4.5
I messed up and did not restore my config at the time so i had to manually configure it.
After I configured the box from scratch (its configured identical the the active box (its still on 9.1.2) I get no connectivity to the outside network
when i take out the default-gateway the nodes that are not on that network come up but the nodes that are on the same network as the default gateway stay down.
any ideas if you understood this??
4 Replies
hoolioCirrostratus
There must have been some object in the 9.1.2 config that was used to allow outbound access. LTM is a default deny device so no traffic would pass through without a VIP, SNAT or NAT to do it. You can configure one or more of these objects to allow outbound access. A wildcard virtual server with destination address translation disabled would be the most configurable. You can set it to forward if you want to use the routing table or you can specify a gateway pool if you have multiple routers. You can check the LTM config guide on AskF5.com for more information.
Aaron
smp_86112Last weekend I cut over to new hardware, and had what sounds to be similar symptoms. I could ping my default gateway, but when I tried to get past it, I got "network is unreachable". From outside I could ping the LTM, but could not ssh or pull up the management gui. I ended up restarting the LTM, and that resolved it.
adamsr1_1542here is my senero... I upgraded from 9.1.2 to 9.2.1 and missed the prompt to roll my config over so I continued to upgrade to 9.4.5.
I then had to manually configure the box and i did it exactly to match the active box thats still on 9.1.2.
VIP 10.10.10.60
pool member 10.10.10.10
pool member 10.10.10.9
self ip 10.10.10.70
self ip 10.10.10.69 floater
self ip 10.10.10.80
self ip 10.10.10.69 floater
I have a snat list created and auto snat enabled on the VIP's
thses are all red they can't communicate with anything
I have vips on different vlans that are green but once I put a default gateway of 10.10.10.1 on my LTM the VIP's that were green instantly turn red and it was all working on vertion 9.1.2- adamsr1_1542I SCREWED UP....HERE IS THE SENERO:
here is my senero... I upgraded from 9.1.2 to 9.2.1 and missed the prompt to roll my config over so I continued to upgrade to 9.4.5.
I then had to manually configure the box and i did it exactly to match the active box thats still on 9.1.2.
VIP 10.10.10.60
pool member 10.10.10.10
pool member 10.10.10.9
VIP 10.10.10.50
pool member 10.10.10.8
pool member 10.10.10.7
self ip 10.10.10.70
self ip 10.10.10.69 floater
ROUTER 10.10.10.1
I have a snat list created and auto snat enabled on the VIP's
thses are all red they can't communicate with anything
I have vips on different vlans that are green but once I put a default gateway of 10.10.10.1 on my LTM in the routing table the VIP's that were green instantly turn red and it was all working on vertion 9.1.2
