Forum Discussion

thomass87_91937's avatar
thomass87_91937
Icon for Nimbostratus rankNimbostratus
Oct 30, 2014

inline configuration

Hi,   I have configuration: NET => FW => F5 => SRV   I have VS1 which forwards traffic to SRV (no SNAT used, not possible to do XFF so source address of client is seen). F5 is def gw for SRV. O...
inline
routing
snat
nitass's avatar
nitass
Icon for Employee rankEmployee

Second example. When server is originating connection to NET it hits VS 0/0, is that right? No SNAT is configured so source address of server is seen outside? The route on FW pass traffic back to SRV via F5.

 

yes unless you also have snat list configuration.

 

It is enabled only on server-vlan. If I understand correctly when the server itself is originating connection outside it will hit VS 0/0. How does this configuration applies when connection is originating from another subnet (for example behind FW) to server IP address (not VS1). Connection will be dropped/rejected? Should VS 0/0 listen on all vlans to allow such connections?

 

yes connection will be rejected. bigip is default deny device. to allow traffic, object listener (i.e. virtual server, snat, nat) is required.

 

sol9038: The order of precedence for local traffic object listeners

 

https://support.f5.com/kb/en-us/solutions/public/9000/000/sol9038.html

 

thomass87_91937's avatar
thomass87_91937
Icon for Nimbostratus rankNimbostratus
Nov 03, 2014
OK, it is clear now. Thanks.