Forum Discussion
Making F5 as the Gateway - Need Step-by-Step Instructions
Hi All, here is my scenario:
I have 2 Exchange servers with default gateway to Nexus switch 10.121.1.1 in VLAN 622.
I have VIP 10.221.16.24 - Uplink VLAN to Nexus - VLAN 681, gw 10.121.16.1.
I have SNAT automap - everything is working fine.
Now they want to see client IPs and I have to set up F5 as the gateway.
What I've done so far:
Change Def GW on servers to point to F5 Self-IP.
Turn off SNAT on VS.
Add a Forwarding IP (layer 2) with 0.0.0.0/0 - fastL4 profile - allowed VLAN - Uplink VLAN to Nexus.
Load balanced traffic is working fine, but we can't access the server directly.
What configuration do I need on F5 and Nexus to get this working? I find lots of threads on this but can't understand them clearly and apply them to my situation. Thanks for the help in advance.
8 Replies
- amolari
Cirrostratus
The allowed VLAN should be the one on the client side. Is that the case?
- Eric_St__John
Employee
A few things:
You mention Forwarding IP and Layer 2 Virtual Server. These are 2 different types of virtual servers; you should be using a Forwarding IP Virtual Server, not a Layer 2.
Do you have a route on the Nexus switch pointing 10.121.1.0/24 to the BIG-IP on the 10.121.16.0 network? You want to make sure that the traffic is flowing through the BIG-IP in both directions.
The Forwarding IP virtual server should be enabled on All VLANs, or at least both of the VLANs that traffic is flowing in and out of, in order to allow access to the servers and to allow the servers access out of their VLAN.
I suspect the issue is the second, and traffic is flowing around the BIG-IP as it arrives at the server; the server is sending the SYN-ACK to the BIG-IP and the BIG-IP is dropping it.
If there are other servers on this VLAN and you cannot route all traffic through the BIG-IP, then you will have to enable Loose Initiate and Loose Close on the FastL4 profile that you assign to the Forwarding IP VS.
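The failure described in the reply above, as an added example that is not part of the original thread and is not F5 code: a simplified Python model of a stateful forwarding virtual server, showing why a SYN-ACK arriving without a tracked SYN is dropped and what Loose Initiate changes. The `Packet` and `ForwardingVS` classes, the `handshake` function and the client and server addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}


def flow_key(p):
    # Direction-independent key so a reply matches the flow its request created.
    return frozenset({(p.src, p.sport), (p.dst, p.dport)})


@dataclass
class ForwardingVS:
    """Simplified model (assumption): forward only packets of tracked flows."""
    loose_initiate: bool = False
    flows: set = field(default_factory=set)

    def handle(self, p):
        key = flow_key(p)
        if key in self.flows:
            return "forward"
        # A bare SYN opens a flow; with loose initiate any packet does.
        if p.flags == {"SYN"} or self.loose_initiate:
            self.flows.add(key)
            return "forward"
        return "drop"


def handshake(inbound_via_bigip, loose_initiate):
    """Return True if the TCP three-way handshake to the server completes."""
    vs = ForwardingVS(loose_initiate)
    client, server = ("10.50.0.10", 50000), ("10.121.1.20", 443)  # constructed
    syn = Packet(*client, *server, frozenset({"SYN"}))
    synack = Packet(*server, *client, frozenset({"SYN", "ACK"}))
    ack = Packet(*client, *server, frozenset({"ACK"}))
    # Inbound packets cross the BIG-IP only if the switch routes them there.
    if inbound_via_bigip and vs.handle(syn) == "drop":
        return False
    # The server's default gateway is the BIG-IP, so replies always cross it.
    if vs.handle(synack) == "drop":
        return False
    if inbound_via_bigip and vs.handle(ack) == "drop":
        return False
    return True
```

In this model the Loose Initiate case succeeds only because the virtual server stops requiring that it saw the SYN, which is a relaxation of its stateful checking compared with routing both directions through the BIG-IP.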
- mfkk531_168091
Nimbostratus
"Do you have a route on the Nexus switch pointing 10.121.1.0/24 to the BIG-IP on the 10.121.16.0 network?"
Can you please describe how I achieve this, or give a specific static route command for this?
- Eric_St__John
Employee
You would configure a static route on the Nexus switch:
ip route 10.121.1.0 255.255.255.0
- mfkk531_168091
Nimbostratus
Thanks - I have the static route on the Nexus. Now on the FwdIP I'm facing an issue with src and dest.
I have vlan622 - Servers in Route Domain %16
I have vlan681 - VIPS in Route Domain %15
What should my src and dest be on this fwd VS?
- kridsana
Cirrocumulus
Hi,
If you create a NAT IP for that server, can you access the server directly?
- Ryannnnnnnnn
Altocumulus
Forwarding IP VS on external VLAN - Destination network 10.121.1.0/24
Forwarding IP VS on internal VLAN - Destination network 0.0.0.0/0
Make sure to define what protocols etc you want to be forwarded.
- Eric_St__John
Employee
What are you trying to accomplish with placing your Virtual Servers in 1 route domain and the servers in another? Is there a firewall between the 2 networks? Do you have strict isolation enabled on the route domains?
