Forum Discussion

ReWrite_132188's avatar
ReWrite_132188
Icon for Nimbostratus rankNimbostratus
Jul 02, 2014

F5 BIG-IP answers with a self-ip that is not associated with that VLAN

Hi, I am working on implementing av proxy-solution with the help of F5 BIG-IP to do SSL-decrypt. In short: Users surf the web, and the traffic hits the F5 internal VLAN over a fiber-trunk(2.1 and...
application delivery
deployment
design
LTM
vlan
ReWrite_132188's avatar
ReWrite_132188
Icon for Nimbostratus rankNimbostratus
Jul 07, 2014

Base_config

cm traffic-group /Common/traffic-group-local-only { }
cm trust-domain /Common/Root {
    ca-cert /Common/dtca.crt
    ca-cert-bundle /Common/dtca-bundle.crt
    ca-devices { /Common/xx /Common/xx }
    ca-key /Common/dtca.key
    guid xx
    status initialized
    trust-group /Common/device_trust_group
}
net route-domain /Common/0 {
    id 0
    vlans {
        /Common/http-tunnel
        /Common/socks-tunnel
        /Common/HA
        /Common/external
        /Common/internal
        /Common/cp_proxy
        /Common/cp_proxy_return
    }
}
net self /Common/185.xx.xx.146 {
    address 185.xx.xx.146/25
    traffic-group /Common/traffic-group-1
    vlan /Common/external
}
net self /Common/192.168.xx.219 {
    address 192.168.xx.219/29
    traffic-group /Common/traffic-group-1
    vlan /Common/cp_proxy_return
}
net self /Common/192.168.xx.14 {
    address 192.168.xx.14/28
    traffic-group /Common/traffic-group-1
    vlan /Common/internal
}
net self /Common/192.168.xx.211 {
    address 192.168.xx.211/29
    traffic-group /Common/traffic-group-1
    vlan /Common/cp_proxy
}
net self /Common/185.xx.xx.144 {
    address 185.xx.xx.144/25
    traffic-group /Common/traffic-group-local-only
    vlan /Common/external
}
net self /Common/192.168.xx.12 {
    address 192.168.xx.12/28
    traffic-group /Common/traffic-group-local-only
    vlan /Common/internal
}
net self /Common/192.168.xx.209 {
    address 192.168.xx.209/29
    traffic-group /Common/traffic-group-local-only
    vlan /Common/cp_proxy
}
net self /Common/192.168.xx.217 {
    address 192.168.xx.217/29
    traffic-group /Common/traffic-group-local-only
    vlan /Common/cp_proxy_return
}
net self /Common/192.168.xx.201 {
    address 192.168.xx.201/29
    traffic-group /Common/traffic-group-local-only
    vlan /Common/HA
}
net self-allow {
    defaults {
        ospf:0
        tcp:161
        tcp:22
        tcp:4353
        tcp:443
        tcp:53
        udp:1026
        udp:161
        udp:4353
        udp:520
        udp:53
    }
}
net stp /Common/cist {
    interfaces {
        1.1 {
            external-path-cost 20000
            internal-path-cost 20000
        }
        1.2 {
            external-path-cost 20000
            internal-path-cost 20000
        }
    }
    trunks {
        Trunk_inbound_outbound {
            external-path-cost 2000
            internal-path-cost 2000
        }
    }
    vlans {
        /Common/HA
        /Common/cp_proxy
        /Common/cp_proxy_return
        /Common/external
        /Common/internal
    }
}
net trunk Trunk_inbound_outbound {
    interfaces {
        2.1
        2.2
    }
    lacp enabled
}
net vlan /Common/HA {
    description Failover
    failsafe-action failover
    failsafe-timeout 10
    interfaces {
        Trunk_inbound_outbound {
            tagged
        }
    }
    tag 3517
}
net vlan /Common/cp_proxy {
    description 
    interfaces {
        1.1 { }
    }
    tag 3518
}
net vlan /Common/cp_proxy_return {
    description 
    interfaces {
        1.2 { }
    }
    tag 3519
}
net vlan /Common/external {
    description "Trafikk ut"
    interfaces {
        Trunk_inbound_outbound {
            tagged
        }
    }
    tag 3511
}
net vlan /Common/internal {
    description 
    interfaces {
        Trunk_inbound_outbound {
            tagged
        }
    }
    tag 3500
}