Forum Discussion
NimbostratusProblems with outgoing connections
Hello everyone
I need a pool of servers to make outbound connections with a Snat and a different route than the default route of the BIG-IP. They have some recommendation or good practices to do this. We have tested with Snat but we did not succeed.
Thank you!
eben_259100Cirrostratus
Hi, First the servers must point to BIG-IP as default gateway. Configure static routes or run a dynamic routing protocol of the BIG-IP.
HTH.
Pzamberlan_2615Thanks for the reply.
The servers have as DG the Self-IP of the BIG IP. But additionally I need these servers to have internet connection and do so with a Snat, and the connection to the internet is for a FW not for the BIG-IP.
Regards!
- eben_259100
If the traffic from internal servers outbound is to the internet, then a default route is what you need. Why don't you want to use that? Do you have a "Forwardinf IP" wildcard (0.0.0.0:0)virtual server type on the internal VLAN to process the internet traffic from the servers? If you have one in place share the output of "tmsh list ltm virtual "
- Pzamberlan_2615
Hi Eben,
I have a default route, but this route is different from the route that the servers have to use for outbound internet traffic.
So I need 2 routes: -One for outgoing internet traffic. -The route for traffic to customers. (current DR).
Thanks for the reply.
ebenHi, First the servers must point to BIG-IP as default gateway. Configure static routes or run a dynamic routing protocol of the BIG-IP.
HTH.
- Pzamberlan_2615
Thanks for the reply.
The servers have as DG the Self-IP of the BIG IP. But additionally I need these servers to have internet connection and do so with a Snat, and the connection to the internet is for a FW not for the BIG-IP.
Regards!
- eben
If the traffic from internal servers outbound is to the internet, then a default route is what you need. Why don't you want to use that? Do you have a "Forwardinf IP" wildcard (0.0.0.0:0)virtual server type on the internal VLAN to process the internet traffic from the servers? If you have one in place share the output of "tmsh list ltm virtual "
- Pzamberlan_2615
Hi Eben,
I have a default route, but this route is different from the route that the servers have to use for outbound internet traffic.
So I need 2 routes: -One for outgoing internet traffic. -The route for traffic to customers. (current DR).
Thanks for the reply.
youssef1Cumulonimbus
Hi Pzamberlan,
you have to respect this requirement:
- the Default Gw of your server have to be F5 (floating IP if cluster or serlf IP if standalone).
-
Create an VS (L4) with this vs IP: 0.0.0.0:443 or 0.0.0.0:* if you need more port (you can also create multiple vs depending port you need).
-
In the VS settings you have to uncheck "Port Translation" and "address ranslation".
- set snat to automap.
- create your pool memeber (it will be the F5 Gw) in the port set at wildcard (IP_GW:*).
If you want to monitor your GW (pool memeber) you have to create it as transparent. but for the momenet don't set any monitor until you validate your oubtound service.
Keep me in touch.
Regards