Forum Discussion
markonans_11916
Nimbostratus
May 14, 2015
Forwarding VS - with selective irule for SRC to DST only allowed to access (using data groups) - syntax fail
Hello, this syntax looks logical to me, but it is rejected. Can someone please help by telling me what I am doing wrong?
when CLIENT_ACCEPTED {
    if {([class match [IP::client_addr] equals L2L_SITEA_SUBNETS] && [class match [IP::local_addr] equals L2L_SITEB_SUBNETS])}
    {
        forward
        return
    }
    elseif {([class match [IP::client_addr] equals L2L_SITEB_SUBNETS] && [class match [IP::local_addr] equals L2L_SITEA_SUBNETS])}
    {
        forward
        return
    }
    else
    {
        drop
    }
}
2 Replies
- nitass
Employee
It seems okay here. You have created data groups, haven't you?
root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
    when CLIENT_ACCEPTED {
        if { ([class match [IP::client_addr] equals L2L_SITEA_SUBNETS] && [class match [IP::local_addr] equals L2L_SITEB_SUBNETS]) } {
            forward
            return
        } elseif { ([class match [IP::client_addr] equals L2L_SITEB_SUBNETS] && [class match [IP::local_addr] equals L2L_SITEA_SUBNETS]) } {
            forward
            return
        } else {
            drop
        }
    }
}
- markonans_11916
Nimbostratus
Yes, data groups have been defined (each contains multiple subnets). Removed the word "return" from the if and the elseif statements, which fixed the issue.
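
A small Python model of the policy this iRule enforces, added here as an example (not code from the thread): it lets you check which source/destination pairs would be forwarded and which fall through to the default drop before the rule is attached to the forwarding virtual server. Only the data group names come from the thread; the subnets and sample flows are constructed, and `class_match`, `decide` and `evaluate` are hypothetical helper names.

```python
import ipaddress

# Constructed sample data groups (the thread does not list the real subnets).
DATA_GROUPS = {
    "L2L_SITEA_SUBNETS": ["10.10.0.0/16", "192.168.10.0/24"],
    "L2L_SITEB_SUBNETS": ["10.20.0.0/16", "192.168.20.0/24"],
}


def class_match(addr, group):
    """Model of `class match <addr> equals <group>` on an address-type
    data group: true when addr falls inside any subnet record."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in DATA_GROUPS[group])


def decide(client_addr, local_addr):
    """Mirror the iRule's CLIENT_ACCEPTED branches; unmatched flows drop."""
    a, b = "L2L_SITEA_SUBNETS", "L2L_SITEB_SUBNETS"
    if class_match(client_addr, a) and class_match(local_addr, b):
        return "forward"
    if class_match(client_addr, b) and class_match(local_addr, a):
        return "forward"
    return "drop"


# Constructed flows: (source, destination)
FLOWS = [
    ("10.10.5.4", "10.20.1.9"),     # site A -> site B
    ("192.168.20.7", "10.10.0.1"),  # site B -> site A
    ("10.10.5.4", "10.10.9.9"),     # site A -> site A (no branch matches)
    ("172.16.0.5", "10.20.1.9"),    # unknown source -> site B
    ("10.10.5.4", "8.8.8.8"),       # site A -> destination outside both groups
]


def evaluate(flows):
    """Return (src, dst, verdict) for each flow."""
    return [(s, d, decide(s, d)) for s, d in flows]


if __name__ == "__main__":
    for src, dst, verdict in evaluate(FLOWS):
        print(f"{src:>15} -> {dst:<15} {verdict}")
```

Same-site traffic and any flow with one end outside both data groups is dropped, because the rule only forwards when source and destination sit in opposite groups.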