Forum Discussion

Behnam_319154
Sep 12, 2017

CGNAT and IP forwarding Simultaneously for exception flows

I have a scenario according to the diagram using the VIPRION 2400 platform as a CGNAT solution. I'm using CGNAT for translating our clients (SRC: 100.64.0.0/10) for Internet access. In our regular scenario the F5 box translates the client address for both Internet access and our internal servers. Now we have a situation where we need our clients connected to an internal web server (172.16.1.1) with their actual IP address (100.64.0.0/10). For this purpose I created two 'IP forwarding' virtual servers matching the web-server IP address in each direction. The point is I've created a CGNAT virtual server for Internet access and an LTM virtual server for matching traffic to/from the local web server.

Client Internet access works without any problem, but it seems the web-server virtual server doesn't match any traffic.

ltm virtual CGNAT-BRAS--ACCESS-01 {
    description CGNAT-BRAS--ACCESS-01
    destination 0.0.0.0%101:any
    mask any
    profiles {
        CGNAT-L4 { }
    }
    source 100.64.0.0%101/10
    source-address-translation {
        pool CGNAT-ACCESS-01
        type lsn
    }
    translate-address disabled
    translate-port disabled
    vlans {
        VLAN-40
    }
    vlans-enabled
    vs-index 26
}

ltm profile fastl4 CGNAT-L4 {
    app-service none
    defaults-from fastL4
    loose-close enabled
    loose-initialization enabled
    reassemble-fragments enabled
    reset-on-timeout disabled
}

ltm virtual local-web-forwarding-client-side {
    destination 172.16.1.1%101:any
    l2-forward
    mask 255.255.255.255
    profiles {
        Forwarding_VS { }
    }
    source 100.64.0.0%101/10
    translate-address enabled
    translate-port disabled
    vlans {
        VLAN-40
    }
    vlans-enabled
    vs-index 46
}

ltm virtual local-web-forwarding-network-side {
    destination 100.64.0.0%101:any
    ip-forward
    mask 255.192.0.0
    profiles {
        Forwarding_VS { }
    }
    source 172.16.1.1%101/32
    translate-address disabled
    translate-port disabled
    vlans {
        VLAN-41
    }
    vlans-enabled
    vs-index 47
}

ltm profile fastl4 Forwarding_VS {
    app-service none
    defaults-from fastL4
    idle-timeout 300
    loose-initialization enabled
    reset-on-timeout disabled
}