Forum Discussion
Check adding a default route on F5 in IP forward mode: node server to internet behind LTM F5
Hello everyone,
I have a question about IP forward mode; the config is in the capture below, with SNAT:
My test scenario is like this:
Server node: 172.16.10.47
External self IP: 192.168.25.10
Internal self IP: 172.16.10.200
This scenario does not work for an internet ping test from the node server 172.16.10.47 to the internet without a default route to the checkpoint interface gateway 192.168.25.254. Could you please confirm that adding the default route to the checkpoint interface gateway 192.168.25.254 is the correct action and that the test will work?
2 Replies
Hello Hamza, keep in mind that F5 is a default-deny device so anything that doesn't strictly match your forwarders will be denied.
One issue I see with your configuration is that this routing VIP is configured to listen on all VLANs. This means that "inbound" traffic will be NATed with the same IP as well. I believe this isn't intended, so you might consider tuning the "VLAN and tunnel traffic" config and restricting it only to the internal 172.16.10.x VLAN, and/or any other VLAN that requires outbound connectivity.
Other than that, of course you're going to need to configure a default route on the unit, so that F5 knows where to forward all traffic that isn't intended for local networks.
- Hamza2
Nimbostratus
Thank you for your reply. I will modify the internal VLAN for the forwarding policy.
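
The two changes discussed in this thread, written as tmsh commands run from the BIG-IP bash prompt. This is an added example, not configuration posted by either participant; the virtual server name `vs_outbound_forward`, the route name `default_gw` and the VLAN name `internal` are assumed placeholders, while the gateway address is the one given in the question.

```tmsh
# Assumed names: vs_outbound_forward (forwarding virtual server),
# internal (VLAN carrying 172.16.10.x), default_gw (route object).

# 1. Inspect the current state. A forwarding virtual server that shows
#    "vlans-disabled" with no VLANs listed is listening on every VLAN,
#    so traffic arriving on the external side is also forwarded and SNATed.
tmsh list ltm virtual vs_outbound_forward
tmsh list net route

# 2. Restrict the listener to the VLAN that needs outbound connectivity.
#    "vlans-enabled" switches the VLAN list from a deny list to an allow list.
tmsh modify ltm virtual vs_outbound_forward vlans-enabled vlans replace-all-with { internal }

# 3. Add the default route so traffic for non-local networks is sent
#    to the upstream gateway from the question.
tmsh create net route default_gw network default gw 192.168.25.254

# 4. Confirm both changes, then persist them.
tmsh list ltm virtual vs_outbound_forward
tmsh list net route default_gw
tmsh save sys config
```

After step 2 the listing should show `vlans-enabled` with only the internal VLAN; add further VLANs to the list only if they also require outbound connectivity.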
