Forum Discussion
Check adding a default route on F5 in IP forward mode: node server to internet behind F5 LTM
Hello everyone,
I have a question about the IP forward mode. The config is in the capture below, with SNAT:
My test scenario is like this:
Server node: 172.16.10.47
Self external: 192.168.25.10
Self internal: 172.16.10.200
This scenario does not work for an internet ping test from the node server 172.16.10.47 to the internet, but without a default route to the checkpoint interface gateway 192.168.25.254. Could you please confirm that adding the default route to the checkpoint interface gateway 192.168.25.254 is correct for my action and that the test is working?
Hello Hamza, keep in mind that F5 is a default-deny device so anything that doesn't strictly match your forwarders will be denied.
One issue I see with your configuration is that this routing VIP is configured to listen on all VLANs. This means that "inbound" traffic will be NATed with the same IP as well. I believe this isn't intended, so you might consider tuning the "vlan and tunnel traffic" config and restricting it only to the internal 172.16.10.x VLAN, and/or any other VLAN that requires outbound connectivity.
Other than that, of course you're going to need to configure a default route on the unit, so that F5 knows where to forward all traffic that isn't intended for local networks.
- Hamza2Nimbostratus
Thank you for your reply. I will modify the internal VLAN for the policy forward.