Forum Discussion
genseek_32178
Nimbostratus
NimbostratusF5 Issue
Hi,
Below is the config of virtual, pool and snatpool on F5 that is in production. need assitance.
snatpool vlan12_sp { member 63.25.36.7 }
pool reversenpath_vlan12_pl {...
genseek_32178Nimbostratus
Nimbostratusnitass, can you help me to understand the below configuration
vlans {
vlan_20
}
self 10.1.1.50 {
netmask 255.255.254.0
vlan vlan_20
self 10.1.1.17 {
netmask 255.255.254.0
unit 1
floating enable
vlan vlan_20
vlan vlan_20 {
tag 11
mac masq xxxxx
failsafe enable
timeout 45
failsafe failover
trunks tagged xxxxx}
profile fastL4 fastl4_reversenpath {
defaults from fastL4
idle timeout 60
loose initiation enable
loose close enable
pool reversenpath_vlan20 {
members 10.1.1.1:any {}
snatpool smtpsnat {
members 3.3.3.3
}
pool reversenpath_20 {
members 3.3.3.1:any
virtual reversenpath_vlan20_vs {
pool reversenpath_vlan20
destination any:any
mask 0.0.0.0
rules rule1
profiles fastl4_reversenpath {}
vlans vlan_20 enable
rule rule1 {
when CLIENT_ACCEPTED {
if destination is 20.0.0.0/8 do not SNAT
elseif dest prt is 25, or src prt 1024-2000 SNAT 3.3.3.3
else SNATPOOL 3.3.3.4-10
if { [IP::addr [IP::local_addr]/8 equals 20.0.0.0] }{
snat none
}
elseif { ([TCP::local_port clientside] equals 25 ) or (([TCP::client_port] >=1024) and ( [TCP::client_port] <=2000)) }{
snatpool ftpsnat_2020_sp
pool reversenpath_2020_FE_pl
}
else {
snatpool smtpsnat
pool reversenpath_20
}
}
A server with dual NICs with 1 NIC in private and other in public range iis not able to access internet. Trace from the server to internet is getting dropped at upstream router.
Can you plz check if all F5 config is fine and not preventing the server from accessing the inet.