IP forwarding Virtual Server not working for Internal Servers

Question

Hi,&nbsp;
I have configured IP forwarding Virtual Server which is not working. Can someone please help me?? Below are the details of Topology. There are 3 components as shown below.&nbsp;
External Network- 192.168.0.0/24&nbsp;
Default Gateway of F5 - 192.168.0.1, F5 is able to connect to the Internet.&nbsp;
F5's Self IP - 10.1.0.145&nbsp;
Internal Network - 10.2.0.0/24&nbsp;
Server1 - 10.2.0.11, 
Server2- 10.2.0.22,
Server3 - 10.2.0.33)&nbsp;
F5 Self IP - 10.2.0.145&nbsp;
All have Gateway as F5 self IP - 10.2.0.145. I have configured IP Forwarding Virtual Server, I expected that all internal Servers will be able to reach Internet using this but is not working as expected.&nbsp;
Client IP  - 192.168.0.200 (Client is able to access the Internet and other Virtual Servers.)&nbsp;

kevina_246454 · Answer

What is your configuration of the virtual server look like ? is your forward virtual server a any any type, meaning any destination and any port or is it port/ip specific?, where is the virtual server listening on(vlan) on the internal where the server's reside ? &nbsp;
Please can you provide the "list ltm virtual" from tmsh for the forward virtual server ip&nbsp;

daves · Answer

Assuming you've configured the IP Forwarding VS properly, you need the correct routing in place.
While you have next hop gateways on the way out, there's nothing for the internal network traffic coming in.&nbsp;
You want the F5 external self IP to be in the external network 192.168.0.0/24 and then whatever device you have on the gateway address 192.168.0.1, have a static route for the 10.2.0.0/24 internal network with the next hop being the F5 external self IP.&nbsp;

daves_377638 · Answer

Assuming you've configured the IP Forwarding VS properly, you need the correct routing in place.
While you have next hop gateways on the way out, there's nothing for the internal network traffic coming in.&nbsp;
You want the F5 external self IP to be in the external network 192.168.0.0/24 and then whatever device you have on the gateway address 192.168.0.1, have a static route for the 10.2.0.0/24 internal network with the next hop being the F5 external self IP.&nbsp;

Forum Discussion

IP forwarding Virtual Server not working for Internal Servers

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

Integrating SSL Orchestrator with Fortinet FortiGate Virtual Edition as a Virtual Wire

Create a virtual server on internal vlan

External and Internal DNS on same appliance

Redirecting to an external site when the internal site is down

Check a Virtual Server's SSL Status

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS