Forum Discussion

René_Schwarzack
Nimbostratus
Nov 14, 2013

Inter-Vlan-Routing

Hey there,

I hope you are able to understand me (weak English). My question concerns Inter-VLAN routing on the F5.

Currently I have ONE external VLAN and IP subnet configured on the F5 (e.g. 100.100.1.0/24 and tagged VLAN 10). The next-hop gateway (e.g. 100.100.1.254) to the internal network (e.g. 192.168.168.0/24) is configured in the same VLAN (10) and IP address space. Everything is working fine.

Now I have to implement another DMZ network on the F5 (e.g. 100.100.2.0/24 and VLAN 20). I've created a new VLAN with tag 20 on my F5 and added it to the existing route domain (rd_1 ... VLANs vlan.10, vlan.20). After that I've created new self IPs using this VLAN tag (20). I am able to reach the self IPs from external (using the Auto Next Hop and Source Check options) via PING.

Access from outside to the new DMZ network seems good.

My problem is the internal path from 192.168.168.0/24 to the DMZ network 100.100.2.0/24 in VLAN 20. The gateway to 192.168.168.0/24 is only in VLAN 10!!!

If I try to ping from 192.168.168.3 to 100.100.2.10, I get no answer from 100.100.2.10 in VLAN 20.

The opposite direction seems to work fine. If I try to PING from my F5 to the internal network using ping -I 100.100.2.10 (self IP in VLAN 20) 192.168.168.3, I get an answer from the internal host. Using tcpdump on the gateway to 192.168.168.0/24, I saw packets with source 100.100.2.10 (VLAN 20) and the source MAC address of the VLAN interface in VLAN 10.

Can someone explain to me why the opposite direction doesn't work (from internal to external)? Is there any Inter-VLAN routing issue on the F5?

Thanks a lot


  • Kevin_K_51432
    Historic F5 Account

    Hi, it appears you're using route domains, which are designed to segment traffic. I'd consider that first before inter-VLAN issues.

    An overview of RD deployment. I'd pay special attention to the "About route domain IDs" and "Strict Isolation" sections:

    https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-ip-routing-administration-11-3-0/2.html?sr=33178277

    If the above isn't helpful, I'd recommend using tcpdump to see where the packets ingress and egress, then view the routing table to determine what's really going on.

    https://support.f5.com/kb/en-us/solutions/public/6000/500/sol6546.html?sr=33178373

    Also, consider using a TCP-based protocol like 'telnet' to test connectivity.
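The tcpdump check suggested above, carried through as an added example that is not part of this thread: the script maps each directly connected subnet from the original post to its VLAN tag and flags any packet whose 802.1Q tag differs from the home VLAN of the self-IP endpoint, which is exactly the "VLAN 20 source with a VLAN 10 MAC" asymmetry the poster saw. The capture lines are constructed in standard tcpdump `-e -nn` style with invented MAC addresses; real BIG-IP tcpdump output may be formatted differently, so the regex is an assumption to adapt.

```python
import ipaddress
import re

# Directly connected subnets and their VLAN tags, as described in the post.
VLAN_SUBNETS = {
    10: ipaddress.ip_network("100.100.1.0/24"),
    20: ipaddress.ip_network("100.100.2.0/24"),
}

# Constructed sample capture (tcpdump -e -nn style, MACs invented): the ping
# from the internal host to the VLAN-20 self IP arrives tagged VLAN 10 via the
# gateway, and the reply leaves on VLAN 10 too; the third packet is a normal
# VLAN-20 exchange for contrast.
SAMPLE_CAPTURE = """\
10:00:01.000001 00:00:5e:00:01:0a > 00:0c:29:aa:bb:10, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4 (0x0800), 192.168.168.3 > 100.100.2.10: ICMP echo request, id 1, seq 1, length 64
10:00:01.000200 00:0c:29:aa:bb:10 > 00:00:5e:00:01:0a, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4 (0x0800), 100.100.2.10 > 192.168.168.3: ICMP echo reply, id 1, seq 1, length 64
10:00:02.000001 00:00:5e:00:01:0a > 00:0c:29:aa:bb:20, ethertype 802.1Q (0x8100), length 102: vlan 20, p 0, ethertype IPv4 (0x0800), 100.100.2.1 > 100.100.2.10: ICMP echo request, id 2, seq 1, length 64
"""

# Pulls the 802.1Q tag and the IPv4 src/dst pair out of one capture line.
LINE_RE = re.compile(
    r"vlan (?P<vlan>\d+),.*?(?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+):"
)


def home_vlan(ip, vlan_subnets):
    """Return the VLAN whose directly connected subnet contains ip, or None
    if the address is not local to the BIG-IP (e.g. the internal network)."""
    addr = ipaddress.ip_address(ip)
    for vlan, net in vlan_subnets.items():
        if addr in net:
            return vlan
    return None


def find_vlan_mismatches(capture, vlan_subnets=VLAN_SUBNETS):
    """Flag packets whose tagged VLAN differs from the home VLAN of a locally
    connected endpoint (src or dst). Returns (line_no, vlan_seen, ip,
    expected_vlan) tuples; an empty list means ingress/egress is symmetric."""
    findings = []
    for n, line in enumerate(capture.splitlines(), 1):
        m = LINE_RE.search(line)
        if not m:
            continue  # not an 802.1Q IPv4 line we understand
        seen = int(m["vlan"])
        for ip in (m["src"], m["dst"]):
            expected = home_vlan(ip, vlan_subnets)
            if expected is not None and expected != seen:
                findings.append((n, seen, ip, expected))
    return findings


if __name__ == "__main__":
    for line_no, seen, ip, expected in find_vlan_mismatches(SAMPLE_CAPTURE):
        print(f"line {line_no}: {ip} belongs to VLAN {expected} but was seen on VLAN {seen}")
```

Packets that reach a VLAN 20 self IP through the VLAN 10 gateway show up as mismatches in both directions, which is the asymmetric path to look for before touching route domain or strict-isolation settings.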