Peter_Z
Apr 12, 2011

Internal server to VIP from other than Internal subnet

Hello,

I'm curious if it is possible to have servers behind the internal BIG-IP vlan access the VS (VIP) that is either from the External BIG-IP subnet (same as the external vlan self-IP) or another subnet that exists on the BIG-IP (other than the external or internal subnet).

For example:

server is on the internal subnet 10.10.10.0/24 (big-ip self-ip 10.10.10.51)

VS1 is on the external big-ip subnet 192.168.1.80 (big-ip self-ip 192.168.1.51)

VS2 is from a subnet other than the above (for example: 172.16.16.80)

I was testing such a configuration (opening a webpage) in LTM-VE, but I was not able to access the VIP successfully unless I defined a STATIC NAT for the server. I was getting RST packets from the BIG-IP; however, the ping to both VIPs was successful.

Is the behavior different if the server (working as a client) is not directly on the internal big-ip subnet but on another subnet reachable via the Internal big-ip vlan?

Thanks

  • You can add a forwarding IP virtual server on the BIG-IP. As long as the servers on the internal vlan know how to route the traffic to the BIG-IP, they should be able to access the servers elsewhere.
  • If a listener object (e.g. virtual server, SNAT, NAT) is enabled on that vlan, i.e. the internal vlan, the server should be able to access it.
  • I agree with nitass.

    If you do not want to configure SNAT Automap full time then you can use an iRule to engage SNAT when it is talking to another device on a different subnet of the same device.

    Create a Data Group (mynetwork in this example) and add the subnets for the BigIP into it. This example is for v10.x.x.

    
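    when CLIENT_ACCEPTED {
        # Apply SNAT automap only when the client address is in the
        # "mynetwork" data group (the BIG-IP's own subnets)
        if { [class match [IP::client_addr] equals mynetwork] } {
            snat automap
        }
    }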