Forum Discussion
F5 AFM Source / Destination NAT
Hi Harish_Babu ,
While the translation hasn't happened for TCP and the BIG-IP AFM ACL allows this for TCP, let us suspect the issue is in the forwarding virtual server >> it works for ICMP and UDP but not for TCP.
Maybe this is an issue because all TCP traffic is distributed across all TMMs from a single IP, which is not the proper thing for TCP (connection-oriented), so we need to make TCP sessions be handled across a single TMM per user.
So open the VLAN (Src VLAN /Common/INTERNAL_VLAN) >>> switch Configuration to Advanced instead of Basic >>> change CMP-Hash from Default to Source Address; if that does not work, change it to (source and destination and port).
If that does not work, take a packet capture for a sample IP using this command:
tcpdump -vvnni 0.0:nnnp host <src_IP> -s0 -vw /var/tmp/Test_tcp.pcap
and let me have a look.
Another approach:
Can you run this test of UDP and TCP on the packet tester in the GUI as well? >>> I need you to detect the policy and rule name which allowed this connection.
You are using only one policy in the global context with the "allow decisively" action, is that correct?