GTM resolving to wrong IP address from Internet

Question

Hi Guys, I am in middle of an ongoing issue in which I am not able to resolve a DNS name of wide IP B to correct IP address. I have configured two new applications having the same VS on LTM (206.221.101.12)&nbsp;
On GTM Translation (172.x.x.x) to IP (206.221.101.12) for Wide IP A (This is resolving correctly to 172.x.x.x)
On GTM VS 206.221.101.12 is configured for wide IP B (This is not resolving correctly instead it resolves to 172.x.x.x which is an IP for wide IP A)
On ISP firewall we have a NAT in place translating 172.x.x.x to 206.221.101.12 IP address&nbsp;
When the NAT (172.x.x.x to 206.x.x.x ) is removed from ISP firewall, I was able to get the 206.221.101.12 when I resolved the DNS name from the public network but the user was not able to communicate with the end server, so I have to re configure the NAT again. &nbsp;
This part is making me confuse since DNS is part of the payload and the NAT should have no bearing on this.  
&nbsp;
Please let me know if I am missing anything. How can I fix this?&nbsp;

eben · Answer

Hi Frank&nbsp;
If you've configured two applications with same virtual-address 206.221.101.12 what are their service ports?
If you could make the rest of the question clearer.&nbsp;

macaron · Answer

Hi eben, On GTM all ports are open for now. I have configured 0 for ports. But on LTM I am allowing 5 ports via an iRule.&nbsp;
Also, I did Wireshark capture on GTM listener IP to see the name resolution of wide IP B. I saw their GTM is actually replying with correct IP address (206.221.101.12) but answer in nslookup comes back as IP address of wide IP A (172.x.x.x). The NAT on ISP firewall changing this when GTM reply back to a query but it should not change since DNS is part of the payload and the NAT should have no bearing on this.&nbsp;
It is a bit confusing please, let me know which of my question you did not understand, I will try to explain again.&nbsp;
Thanks for your help.&nbsp;

eben · Answer

When adding virtual-server object to the GTM, what was used as the "address" + "port" and "translation" + "port"?Do a dig or nslookup to the GTM listener IP address for the WIP and see the response share the response.Where is the GTM in the network design. is there a NAT to the GTM listener IP or is directly internet facing with a public IP address?

stanislas_piro2 · Answer

Hi,&nbsp;
when you configure GTM behind a NAT device:&nbsp;
do not enable virtual server discovery
if LTM virtual server address is 172.16.1.1 hidden by firewall address 1.1.1.1, VS in GTM configuration must be:
Destination : 1.1.1.1 (public IP)translation address : 172.16.1.1 (real LTM virtual server address for monitor)

Forum Discussion

GTM resolving to wrong IP address from Internet

Recent Discussions

Big IP DNS Failover

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

Related Content

Resolve Citrix Secure Ticket Authority (STA)

Protect an application exposed on Internet with F5 XC WAAP

DNS Resolution with the RESOLVER::name_lookup Command

The sooner the better: Web App Scanning Without Internet Exposure

Resolving DNS, and dynamically selecting pool

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS