Forum Discussion

hc_andy_35682's avatar
hc_andy_35682
Icon for Nimbostratus rankNimbostratus
Feb 09, 2010

iRule to mimic Cisco ACL for Forwarding VIP

Hi All,     Can somebody please help me write an iRule that will permit/deny the outside world from accessing the real servers behind the F5???     For example I have an inside_v...
application delivery
dev
devops
iRules
hc_andy_35682's avatar
hc_andy_35682
Icon for Nimbostratus rankNimbostratus
Feb 10, 2010
Hi Aaron,

 

 

Yes the real server is in the trustedAddresses data group.

 

 

My understanding is very flawed I know, but I was under the assumption that return traffic to the real server via the forwarding VIP would also be validating against the irule.

 

 

Below is how I picture a ping from the real server to google would look like with the irule coming to play on the inside_vlan_210_15_210 VIP when a reply comes back from google - hence why I was puzzled that given that google isn't in the trustedAddresses data group, wouldn't the traffic be dropped?

 

 

real (210.15.210.x) -> F5 (inside_vlan_to_any VIP) -> default gw -> Google

 

 

Google -> F5 (inside_vlan_210_15_210 VIP) -> real

 

 

Thanks.,

 

 

Andy