ICMP from the server pool

Hi Len,

 

 

SOL7366 (Click here) details the steps required to allow ICMP through a SNAT:

 

 

 

A SNAT passes ICMP traffic when SNAT Packet Forwarding is set to All Traffic. The All Traffic setting specifies that the BIG-IP system forwards any IP packets originating from a SNAT member for all traffic types.

 

 

To configure a SNAT to forward all traffic, perform the following procedure:

 

 

1. Log in to the Configuration utility.

 

2. Click System, then click General Properties.

 

3. From the Local Traffic menu, select General.

 

4. Change the SNAT Packet Forwarding setting to All Traffic.

 

5. Click Update.

 

 

 

 

What type of SNAT(s) have you defined?

 

 

Aaron

I have two VIP-Pool mappings. One for the http/s service and the other for any port/protocol. I built the SNAT and everything is working perfectly, I just cant ping from the server to the public side.

 

 

Are you able to make a TCP based request from the hosts to the destination they want to be able to ping through the SNAT? If so, you should just need to set the global option for SNAT packet forwarding to 'All Traffic'.

 

 

If you try that, are you able to ping from the pool members to the destination(s)?

 

 

Aaron

Yes, they can access any service (backup, ftp, etc) to any server, but to those same servers, no icmp...

 

 

 

>global option for SNAT packet forwarding to 'All Traffic'.

 

 

I am lost as to where you set global options for the SNAT. I have them set to all VLANS, but I dont see all traffic unless you aare talking about the vip or the pool settings.

 

DOH!

 

Thanks a million... I just went through and figured it out. I was thinking pool/vip, you were talking SNAT only. That worked, thanks.