Forum Discussion

Ted-Nordvall's avatar
Icon for Altostratus rankAltostratus
Apr 18, 2024

CGNAT with DS-lite and LSN


so we have setup DS-Lite with CGNAT according to this in our lab:

Running version

Interface setup:
ipv4.selfip if, ipv4.vlan)
ipv6_INET-selfip 2001:2040:c000:1:f5f5:f5f5:f5f5:f5f5/64(client facing, ip6_INET.vlan)
ds.selfip ds-tunnel)

CGNAT VS created according to above tech-doc.

LSN- Pool created with:
Persistance: Address Port
Persistance Timeout: 30 (for testing)
Inbound Connections: Automatic
ICMP Echo: enabled
Egress interfaces: ipv4.vlan
Members list:

DS-tunnel created with:
Profile dslite
Local Address: same as ipv6_INET-selfip
Remote Address Any


The NAT-process works fine, the traffic comes in and gets NAT:ed to the pool (i.e.
The traffic also reaches the target, in this case This endpoint in turn has a return-route for traffic back to the F5 for the network. So it responds to the traffic, however here is where we hit the curb. The F5 simply resets the traffic once recieving the syn ack, "internal error sending packet to peer". So it's like it has forgotten the fact that it did the NAT. However when verifying "tmsh show sys connection all-properties" we can see both the IPv6 and IPv4 connections.

Does anyone have any tips and tricks for this? Are we missing something?


No RepliesBe the first to reply