For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kuldeep_Thakur_'s avatar
kuldeep_Thakur_
Icon for Nimbostratus rankNimbostratus
Jul 18, 2012

F5 is replacing source address of my servers with floating self ip of engress vlan

HI guys i am new to f5 so dont knwo if i have configured it correctly or not . I have two Vlan's configured on My F5 . Engress Vlan(115) and Ingress Vlan(114). My servers are on Ingress Vlan and Cline...
config
design
nitass's avatar
nitass
Icon for Employee rankEmployee
Jul 19, 2012
bigip is a default-deny device. to allow traffic from one vlan to another, at least one listener object has to be configured. there are 3 listener object types which are virtual, snat, nat.

since you do not need snat/nat, can you delete snat and create 2 virtuals; one for incoming and the other one for outgoing? because outgoing virtual is ip forwarding virtual, do not forget to add default route on bigip.

e.g. 

[root@ve10:Active] config  b virtual list
virtual vs_incoming {
   pool pool_server
   destination 172.28.19.79:80
   ip protocol 6
   profiles {
      http {}
      tcp {}
   }
}
virtual vs_outgoing {
   ip forward
   destination any:any
   mask 0.0.0.0
}

[root@ve10:Active] config  b route list
route default inet {
   gateway 172.28.19.254
}

[root@ve10:Active] config  b snat list
No SNATs were found.