Forum Discussion
NimbostratusHow do I source an ICMP ping echo from virtual server IP?
I have a virtual server on an LTM with an IP of 10.5.42.115. It is communicating over an IP sec VPN tunnel to a customer in AWS. The VIP is the only host in the encryption domain (SA) on our side. AWS cannot initialize a VPN, they only respond. Therefore when the tunnel times out I have to send them a packet from 10.5.42.115 to bring the tunnel back up. I have a loopback on a switch behind my ASA (VPN endpoint) with 10.5.42.115 assigned to it in a down state. When the tunnel goes down I have to no shut the loopback and ping a server on their side to bring it back up. I then have to no shut the loopback so that the traffic actually gets to the F5. I have to imagine theres a way the F5 can resolve my problem. I am thinking an iRule.
TLDR: I need to send an ICMP echo ping from a virtual server IP address periodically to keep a VPN tunnel alive.
rob_carrCirrocumulus
The ping utility doesn't seem to like virtual server addresses or floating self IP addresses when using the '-I' flag, so I don't think you can -directly- generate ICMP traffic from an F5 using a virtual server address.
I think you can create a forwarding virtual server, and apply a SNAT to the traffic handled by the virtual server, where the source translation address is the desired virtual server address. Then you just need something 'behind' the F5 to generate the ICMP traffic.
https://support.f5.com/csp/article/K7366