Forum Discussion

Brumik's avatar
Brumik
Icon for Nimbostratus rankNimbostratus
Jun 10, 2021

Pinging SNAT Address

I am running bigip VE edition 15.1.0.2 and configured a standard SNAT pool and attached to a virtual server.

 

ltm snat-translation /Common/192.168.20.6 {

  address 192.168.20.6

  inherited-traffic-group true

  traffic-group /Common/traffic-group-1

}

ltm snatpool /Common/VSERVER_TEST {

  members {

    /Common/192.168.20.6

  }

}

 

The webserver is up and running and the virtual server is available.

 

However from the webserver I cannot ping 192.168.20.6, but the ARP does resolve:

 

/ # arp -an

? (192.168.20.6) at 0c:6e:a5:be:62:03 [ether] on eth0

? (192.168.20.3) at 0c:6e:a5:be:62:03 [ether] on eth0

? (192.168.20.1) at 0c:6e:a5:be:62:03 [ether] on eth0

 

.1 and .3 are pingable.

 

According to this article https://support.f5.com/csp/article/K05703029 the SNAT is supposed to respond to ICMP, does anyone know if this is actually the case or has the behavior been changed between versions or is there any specific settings to enable this?

 

Thanks in advance.

 

 

 

 

 

application delivery
BIG-IP
LTM
snat
  • spalande's avatar
    spalande
    Icon for Nacreous rankNacreous
    Jun 11, 2021

    Is there a firewall between server and F5? ICMP might be blocked there. If this isn't a case, run tcpdump on F5 and see if traffic reaches there. ​

  • Brumik's avatar
    Brumik
    Icon for Nimbostratus rankNimbostratus
    Jun 12, 2021

    Hello Sanjay,

    There is no firewall, the ping request arrives to the F5 but is not answered. Webserver is directly connected to the F5 via a switch.

    Environment is in GNS3 but I dont think this makes a difference. I posted complete config below.

    BR

    Chris

    ltm virtual /Common/http_vserver {

      creation-time 2020-08-18:09:05:39

      destination /Common/192.168.10.1:80

      ip-protocol tcp

      last-modified-time 2021-06-10:18:56:19

      mask 255.255.255.255

      pool /Common/http_pool

      profiles {

        /Common/fastL4 { }

        /Common/http { }

      }

      rules {

        /Common/gestamp

      }

      source-address-translation {

        pool /Common/test_vs

        type snat

      }

      translate-address enabled

      translate-port enabled

      vlans {

        /Common/external

      }

      vlans-enabled

    }

     

    ltm snat-translation /Common/192.168.20.6 {

      address 192.168.20.6

      inherited-traffic-group true

      traffic-group /Common/traffic-group-1

    }

    ltm snatpool /Common/test_vs {

      members {

        /Common/192.168.20.6

      }

    }