One directional comunication via virtual server

Question

Hello All, &nbsp;
I´m new here and I´m beginner with F5.&nbsp;
I´m trying to publish one http server for test.&nbsp;
What I did. I have created server which is accessible via http in internal network, without F5.
I have created virtual server list, where I put destination IP (publicIP) with port 80 and created pool with one InternalIP. I have tried to set up automap in virtual server list, but it doesn´t help me.&nbsp;
I have checked tcpdump on F5 site where I can see that there is some comunication from Internet to the virtual server, but there is not answer from virtual server to F5. (On virtual server I can see, it is sending responses.)&nbsp;
If you need more details, please let me know, I will share it with you.&nbsp;
Thank you for help&nbsp;

michael_saleem · Answer

Does the website work when you bypass the F5 and go to the server directly?
Could you go onto the CLI and run the following commands to list out the virtual server configuration
tmsh list ltm virtual 
tmsh list ltm pool

f5beginner_3849 · Answer

Hi Michael,
Traffic to the server goes directly in internal network and in external it goes from outside via  F5 to server.
So only from external network will traffic go via F5.
`ltm virtual ExternalIPs {
clone-pools {
    PoolInternalIPs {
        context clientside
    }
}
creation-time 
destination 1.1.1.1:http
ip-protocol tcp
last-modified-time 
mask 255.255.255.255
pool PoolInternalIPs
profiles {
    tcp { }
}
source 0.0.0.0/0
source-address-translation {
    type automap
}
source-port change
translate-address enabled
translate-port enabled
vs-index 9

}
[root@f5lb02:Active:In Sync] config  tmsh list ltm pool PoolInternalIPs
ltm pool PoolInternalIPs {
    members {
        10.1.1.1:http {
            address 10.1.1.1
            session monitor-enabled
            state up
        }
    }
    monitor tcp_half_open
}`

petewhite · Answer

Can't see any issue with the F5 config, maybe post the output of the command tcpdump -i 0.0:p -s0 tcp port 80 and host 1.1.1.1 while you make a request to the virtual server.
Often these sorts of issues are firewalls in the network or server. Worth also checking whether you are receiving any packets at the server.

f5beginner_3849 · Answer

Hello, &nbsp;
tcpdump and tshark was very helpfull. I find out, that port was not opened from outside (stupid mistake)&nbsp;
Thank you &nbsp;

petewhite · Answer

Adding as an answer to stop this showing up as 'unanswered'.
Can't see any issue with the F5 config, maybe post the output of the command tcpdump -i 0.0:p -s0 tcp port 80 and host 1.1.1.1 while you make a request to the virtual server.
Often these sorts of issues are firewalls in the network or server. Worth also checking whether you are receiving any packets at the server.

Forum Discussion

One directional comunication via virtual server

Recent Discussions

TCP Out-of-order, TCP Dup ACK, and TCP Retransmission packets are displayed.

APM with EntraID as idP / request signed

Creating Policy using Terraform

Alert Mail when virtual server down trubleshooting

How to disable RC4 Cipher on SSL

Related Content

Integrating SSL Orchestrator with Cisco WSA Virtual Edition

Migration F5-DNS-VM from a Virtual Machine to other Virtual Machine

Trouble applying GoDaddy certificate to a virtual server

Ubuntu Virtual Machine for NGINX Microservices March 2022 Labs

Re: Get Started with BIG-IP Virtual Edition (VE), BIG-IQ VE or BIG-IP Cloud Edition Trial

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS