Forum Discussion

agriesser's avatar
agriesser
Icon for Nimbostratus rankNimbostratus
Apr 07, 2014

NAT Exemption / Next-Hop Routing

Hey there,   I got a tricky situation here, let me try to outline it as simple as possible. I do have a BigIP LTM running 10.2.4HF7 here which has one Uplink-VLAN (public ip space), several intern...
application delivery
devops
iRules
LTM
network
routing
snat
agriesser's avatar
agriesser
Icon for Nimbostratus rankNimbostratus
Apr 07, 2014

Hi Jason,

thanks for your response. Here's what I got so far:

virtual address 192.168.99.0 {
   mask 255.255.255.0
}
virtual address 192.168.1.0 {
   mask 255.255.255.0
}
virtual all_subnets {
   ip forward
   snat automap
   destination any:any
   mask 0.0.0.0
}
virtual inside1-subnet {
   ip forward
   destination 192.168.1.0:any
   mask 255.255.255.0
   vlans {
      INSIDE_VLAN1
      LINKNET_ASA
   } enable
}
virtual vpn-remote-subnet {
   ip forward
   destination 192.168.99.0:any
   mask 255.255.255.0
   vlans INSIDE_VLAN1 enable
}

Unfortunately I'm still not able to ping hosts in on the other end of the ipsec tunnel and I think my biggest problem is not being able to debug that issue properly. Are there some kind of packet inspection or debug logs or is my configuration mentioned above wrong?