Forum Discussion
Routed VS SNAT Deployment
When I try to SSH from an "off-net" host, from the BIG-IP:
tcpdump -i 0.0 -s0 host 172.21.101.71 (this is the IP of the off-net client/host = FC-RODNS01)
15:59:51.130145 IP fc-rodns01.corp.domain.com.57417 > buildel564.corp.domain.com.ssh: Flags [S], seq 2672739120, win 14600, options [mss 1460,sackOK,TS val 3568921727 ecr 0,nop,wscale 7], length 0 15:59:52.129598 IP fc-rodns01.corp.domain.com.57417 > buildel564.corp.domain.com.ssh: Flags [S], seq 2672739120, win 14600, options [mss 1460,sackOK,TS val 3568922727 ecr 0,nop,wscale 7], length 0 ...
So, the BIG-IP is seeing the request.
At the same time, I have a tcpdump running on the client (172.21.101.71/fc-rodns01):
$ tcpdump host 172.26.100.223 (the IP of the server behind the BIG-IP = buildel564):
15:59:51.130145 IP fc-rodns01.corp.domain.com.57417 > buildel564.corp.domain.com.ssh: Flags [S], seq 2672739120, win 14600, options [mss 1460,sackOK,TS val 3568921727 ecr 0,nop,wscale 7], length 0 15:59:52.129598 IP fc-rodns01.corp.domain.com.57417 > buildel564.corp.domain.com.ssh: Flags [S], seq 2672739120, win 14600, options [mss 1460,sackOK,TS val 3568922727 ecr 0,nop,wscale 7], length 0 ...
So, the off-net client seems to be ACKing requests from the server behind the F5. But, I'm not seeing anything else.
Thanks,
Josh
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com