Destination net unreachable

In newer versions, if "Forwarding (IP)" is selected, those options are suppressed from the Web UI. In tmsh: tmsh list ltm virtual will show the status of these. In order to troubleshoot, I recommend using tcpdump, as in: tcpdump -nnei 0.0 icmp and host where is the IP address you are attempting to ping. You should see each ICMP Echo Request twice: once inbound toward the BIG-IP, then once outbound from the BIG-IP. The tcpdump output should also indicate the ingress VLAN and the egress VLAN. If you are using SNAT, then the source address on ingress will differ from the source address on egress. Without SNAT, they will be the same on each side. You should naturally see the opposite as well, namely, the ICMP Echo Response twice (with the VLAN order reversed from the Request). Here are some possibilities: 1. You see the echo request enter but not leave: something is misconfigured on the BIG-IP or you are encountering a bug; 2. You see the request enter and leave, but no response: the destination doesn't respond to ping, a route failure is occurring, the traffic is not NATed as it leaves your enterprise border, or a firewall is blocking somewhere; 3. You see the request enter and leave, a response arrives, but no response leaves: something is misconfigured on the BIG-IP or you are encountering a bug; 4. You see the request enter and leave, then the response enter and leave: everything is likely properly configured. Verify that the destination MAC on the egressing ICMP Response is as expected. If so, then something between the BIG-IP and the client is blocking the response, or the client is misconfigured.