Forum Discussion

Nitesh
Aug 20, 2021

Is InterVLAN Routing possible in F5

From the topology below I want to ping from TEST_PC to the firewall interface IP (172.16.3.254). From the same TEST_PC I can ping WEB_SERVER. I am not sure why the ping to the firewall is not working. I have a ping policy associated with the firewall interface. Reverse routing is in place on the firewall pointing towards the HA IP (172.16.3.100). Is InterVLAN routing even possible in an LB?

Thanks

  • It started working after doing the config below. But I couldn't ping 172.16.1.x from 172.16.2.x. I tried changing the destination IP to 0.0.0.0/0 or 172.16.0.0/16 but it didn't work.

    ltm virtual Forwading_VS_MGMTPC {
        creation-time 2021-08-20:21:22:48
        destination 172.16.3.254:any
        ip-forward
        ip-protocol tcp
        last-modified-time 2021-08-21:10:00:37
        mask 255.255.255.255
        profiles {
            fastL4 { }
        }
        serverssl-use-sni disabled
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        translate-address disabled
        translate-port disabled
        vs-index 6
    }


  • How to configure a forwarding VIP such that I can ping any IP address? Furthermore I believe AutoMap doesn't play any role in a forwarding VS. I tried a packet capture and could see the same source and dest IP. The source IP is not getting translated.

    •
      Mike757

      Instead of "destination 172.16.3.254:any" use "0.0.0.0/0:any". This creates a full router without filter on source or destination IPs. The kernel's routing table is used to forward traffic.

      •
        CA_Valli

        This should work. F5 is a default-deny device, meaning all traffic that does not match a listener (a Virtual Server in this case) or an active connection in the connection table will be dropped.

        To route packets, as Mike said, you will need to configure a VS with the target network as your destination address. This can be anything, from a single IP 172.16.1.1:any to a network 172.16.0.0/16:any to 0.0.0.0/0:any, which will match all traffic. If you want to filter which clients can talk with said network, you can modify the "source" and "VLAN" options so that only clients whose traffic comes from a specific network or on a specific VLAN will match the routing VS.

        AutoMap will NAT your client IP with the F5 self-IP address on the VLAN where traffic is routed. For non-connected networks you should specify routes in the Network > Routes section. You can confirm which interface is used for egress with the bash command "ip route get x.x.x.x".
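Putting Mike's and CA_Valli's advice together, here is what the forwarding virtual server looks like in the same `tmsh list` form as the config posted above. This is an added example, not a config taken from the thread or from F5 documentation: the object names, the VLAN names `vlan_172_16_1` and `vlan_172_16_2`, the `source` network and the `10.0.0.0/8` route are assumptions chosen to fit the addresses mentioned in the question. Two things differ from the posted `Forwading_VS_MGMTPC` on purpose. First, the posted VS has `ip-protocol tcp`, so only TCP can ever match it; ICMP echo is a different IP protocol and falls through to the default deny, which is why a "ping any IP" listener needs `ip-protocol any`. Second, the destination is the wildcard `0.0.0.0` with `mask any` (what `destination 0.0.0.0/0:any` looks like once listed), so the kernel routing table, not the listener, decides where a packet goes; the `source` and `vlans` entries are what keep it from becoming an open router for every interface.

```tmsh
ltm virtual Forwarding_VS_Any {
    description "Added example: inter-VLAN router VS; VLAN names and source net are assumptions"
    destination 0.0.0.0:any
    ip-forward
    ip-protocol any
    mask any
    profiles {
        fastL4 { }
    }
    source 172.16.0.0/16
    translate-address disabled
    translate-port disabled
    vlans {
        vlan_172_16_1
        vlan_172_16_2
    }
    vlans-enabled
}
net route to_remote_nets_via_fw {
    description "Added example: hypothetical non-connected network reached through the firewall"
    network 10.0.0.0/8
    gw 172.16.3.254
}
```

No `source-address-translation` is set here because the question states the firewall already has a reverse route to the HA IP 172.16.3.100; with the client address left intact, the firewall's return packets arrive on the 172.16.3.x VLAN and match the existing flow in the connection table. Keep AutoMap only for a far side that cannot route back to the client subnets, and remember that it then hides the real client IP from the firewall's logs. After loading the config, `tmsh show net route` confirms the route is installed, `ip route get 172.16.1.10` (CA_Valli's check) shows the egress interface the kernel will pick, and `tmsh show sys connection cs-client-addr 172.16.2.10` shows whether a ping from that client actually created a flow through the listener.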