Forum Discussion
Route Problem ?
Hi, I want to expose my sap portal to the internet so i configured ASM policy (recommended by F5 template HTTPS). My problem is that the virtual server and the node (sap portal server) is not in the same subnet, in my my F5 configuration i have only 1 subnet so when the F5 wants to go to sap server he must use his default gatway. The status is that i can see my request in the ASM log but i cant see the sap portal page. I check my network routing and i don't have any routing problem (i make a telnet session from F5 to the portal server ) in the network i think the problem is because the virtual server and the node are not in same subnet.
Please help
Regards Rafi
- Rafish_129330Nimbostratus
This is tcpdump from F5, you can see that the F5 don't send any packet to portal server (z.z.z.z)
my pc= x.x.x.x virtual server= y.y.y.y portal = z.z.z.z
09:59:49.362662 IP y.y.y.y.https > x.x.x.x.62282: F 134:134(0) ack 307 win 4685 09:59:49.363621 IP x.x.x.x.62282 > y.y.y.y.https: . ack 135 win 64107 09:59:49.368338 IP x.x.x.x.62284 > y.y.y.y.https: S 630490270:630490270(0) win 8192 09:59:49.368365 IP y.y.y.y.https > x.x.x.x.62284: S 471673062:471673062(0) ack 630490271 win 4380 09:59:49.369037 IP x.x.x.x.62284 > y.y.y.y.https: . ack 1 win 64240 09:59:49.371707 IP x.x.x.x.62284 > y.y.y.y.https: P 1:259(258) ack 1 win 64240 09:59:49.371730 IP y.y.y.y.https > x.x.x.x.62284: . ack 259 win 4638 09:59:49.372757 IP y.y.y.y.https > x.x.x.x.62284: P 1:134(133) ack 259 win 4638 09:59:49.378836 IP x.x.x.x.62284 > y.y.y.y.https: P 259:306(47) ack 134 win 64107 09:59:49.378840 IP x.x.x.x.62284 > y.y.y.y.https: P 306:729(423) ack 134 win 64107 09:59:49.378855 IP y.y.y.y.https > x.x.x.x: . ack 306 win 4685 09:59:49.378858 IP y.y.y.y.https > rx.x.x.x.62284: . ack 729 win 5108 09:59:49.379373 IP y.y.y.y.https > x.x.x.x.62284: . ack 729 win 5108 09:59:49.380508 IP y.y.y.y.https > x.x.x.x.62284: R 134:134(0) ack 729 win 5108
- Rafish_129330Nimbostratus
Hi, I don't SNAT, and about the asymmetric route i have only one port in F5 and i can do telnet to portal server from the cli so i don't think that i have asymmetric rote issue in the network.
when i do sniffer on my fW i don't see that the F5 sent his request to the portal server.
- uniAltostratus
Do you SNAT in your virtual? Maybe there's an issue with asymmetric routing.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com