Forum Discussion
F5 AFM Source / Destination NAT
Hello Mohamed Kansoh
I’m thankful for your reply.
Unfortunately, the CMP-Hash did not make any difference.
In the packet-tester, we can see the traffic is dropped by the VS (missing flow).
In the packet capture we can see only sync, attached same for your reference.
We tried the policy on both VS and Global.
Regards
Harish Babu
- Dec 12, 2023
Okay Harish_Babu,
- Why is the DNS UDP request timing out in the last snapshot?
- Are you sure you have attached the NAT policy to "Forward_VS"?
It's strange that BIG-IP doesn't perform NATing after receiving SYN!
- Create a global policy which allows (UDP port 53 / TCP port 443, SSH) traffic, with action "accept decisively", to prevent further checks on the virtual server context.
This is just for testing.
Make sure that the FW mode option (virtual server / self IP context) is set to accept, not drop.
- Are you sure you have changed the CMP-Hash to source address in VLAN tag 300 (which is the ingress VLAN for traffic directed to forward_VS)?
- Check this article for ingress drops: https://my.f5.com/manage/s/article/K10191
Let me know the updates.