Forum Discussion

John_K_375235's avatar
Icon for Nimbostratus rankNimbostratus
Oct 23, 2018

How do I source an ICMP ping echo from virtual server IP?

I have a virtual server on an LTM with an IP of It is communicating over an IP sec VPN tunnel to a customer in AWS. The VIP is the only host in the encryption domain (SA) on our side. AWS cannot initialize a VPN, they only respond. Therefore when the tunnel times out I have to send them a packet from to bring the tunnel back up. I have a loopback on a switch behind my ASA (VPN endpoint) with assigned to it in a down state. When the tunnel goes down I have to no shut the loopback and ping a server on their side to bring it back up. I then have to no shut the loopback so that the traffic actually gets to the F5. I have to imagine theres a way the F5 can resolve my problem. I am thinking an iRule.


TLDR: I need to send an ICMP echo ping from a virtual server IP address periodically to keep a VPN tunnel alive.


1 Reply

  • The ping utility doesn't seem to like virtual server addresses or floating self IP addresses when using the '-I' flag, so I don't think you can -directly- generate ICMP traffic from an F5 using a virtual server address.


    I think you can create a forwarding virtual server, and apply a SNAT to the traffic handled by the virtual server, where the source translation address is the desired virtual server address. Then you just need something 'behind' the F5 to generate the ICMP traffic.