Forum Discussion
Inline F5 not working
Scenario:
Two real servers behind the F5. Real servers have the F5 private interface as their DG. VIP is set up for the pool with the two real servers. Forwarding VIP is set up for inbound and outbound traffic to the real server IP address.
Issue:
Client can reach the server pointing to the real server IP address, but not the virtual IP address. If SNAT is turned on, the VIP will work.
Any and all ideas are welcome. This is a test environment so changes can be made.
16 Replies
- Cory_50405
Noctilucent
Configuring forwarding virtual servers on the public and private side of the BIG-IP will essentially turn it into a router. The first question would be what are you trying to accomplish? Generally, forwarding virtual servers aren't used to load balance across pool members. The community can help get you set up properly if we know what you're trying to do.
- Chuck_Brantley_
Nimbostratus
The forwarding VIP is to allow access to the real IP address for system admins and to allow the servers to get updates from the internet or other servers in the network. There is a single 0/0 forwarding VIP.
This is just a basic setup to test load balancing. This is for a customer of mine and they were testing some things b/c they were having issues with the forwarding VIP behaving correctly. Setting up the test bed and this issue popped up.
I have the same setup in my lab with the VE edition without the HA piece and it all works as expected. Talking to a fellow engineer, he was leaning towards a possible bug. Code is 11.2.1 HF7 I think.
- Cory_50405
Noctilucent
I agree that a forwarding virtual server is a good fit for allowing your backend servers access out to Internet resources for updates, browsing, etc. I assume this access is working as intended?
If you intend to use load balancing, a different type of virtual server might suit you best. In the absence of any special requirements, a standard type should suffice. Ensure you allow port and address translation on your virtual server.
For administrator access to servers, I'm unsure why you'd be using load balancing in this case. Or why you'd put F5 in that path to begin with.
- Chuck_Brantley_
Nimbostratus
No, that isn't what the load balancing is for. The servers are actually being load balanced for a purpose. The forwarding VIP was just added so the server admin could reach their server to perform administrative functions.
There is a normal VIP for access to the pool to test load balancing HTTP. This is the part that is not working. The client can reach HTTP to a real server IP but not through the VIP.
There were some issues with the forwarding VIP b/c a server behind the F5 couldn't access resources without having SNAT turned on. This breaks the application such as Cisco ISE since the server logs the client source IP. The F5 engineer stated there was asymmetric routing somewhere but we couldn't find it.
- Cory_50405
Noctilucent
Can you post your normal virtual server and pool configuration? Sanitized of course.
- Chuck_Brantley_
Nimbostratus
I will, but it may be tomorrow as I don't have access to the F5 right now. You want CLI or screenshots? There is one thing that struck me as odd. There isn't a default persistence. In that case, is there no persistence used or is there a default that is not configured but used? Are there any really good docs out there that explain all the functionality and how it actually works without having to Google everything?
- Cory_50405
Noctilucent
CLI configurations are easiest to analyze. Unless you specifically configure persistence, none will be used.
F5 has some deployment guides but I've found this community is about the best place to get information. Chances are that someone here has done what you are looking to do and can offer suggestions.
- Chuck_Brantley_
Nimbostratus
Thanks. I'll get the customer to send the config to me. Shouldn't be anything in there that needs to be sanitized since it is just a test pool and nodes along with the VIP.
- jrmorris_151361
Nimbostratus
This is looking more like an ARP issue. My network switch shows the VIP address in the ARP table as 0023.e971.4103. I see that OUI is an f5 MAC, but I'm not sure how to verify it is the correct MAC for the VIP.
- nitass
Employee
"I'm not sure how to verify it is the correct MAC for the VIP."
It is the VLAN MAC address unless you are using MAC masquerading.
tmsh show net vlan