Routing Between DMZ & LAN using F5

Ok so according to your dig -->

App view tier - 192.168.0.70/22 , 192.168.0.71(Self), 192.168.0.73(Floating) Web view tier - 192.169.0.0/22, 192.169.0.71(Self), 192.169.0.73(Floating)

1)With your ip_fwd virtual server setup The app view server should be able to talk to the web if their gateway is 192.168.0.73(Floating)- Can you confirm that? ping or telnet? 2)For the web view servers to talk to App view servers their gateway should be web view tier VLAN selfip - 192.169.0.73(Floating)

You can forgot about that. It's just an example of the architecture that i want to do

I have a lan eon network 192.168.2.0 his self ip & gateway is 192.168.2.1

And a DMZ network 55.10.252.0 his self ip is 55.10.252.1

I want to enable communication between these two networks

Thank you

The servers in both DMZ and LAN should have their gateways as 55.10.252.1 and 192.168.2.1 respectively. Is that the case?

Yes, Exactly :)

can you post the virtual server configuration?

 tmsh list ltm virtual (name)

Hello,

ltm virtual DMZ-To-LAN { destination 0.0.0.0:any ip-forward ip-protocol tcp mask any profiles { fastL4 { } } source 0.0.0.0/0 source-address-translation { type automap } translate-address disabled translate-port disabled vlans-disabled

ip-protocol tcp

protocol should be all. tcp does not include icmp.

Done, but the situation is the same.

ltm virtual DMZ-To-LAN { destination 0.0.0.0:any ip-forward mask any profiles { fastL4 { } } source 0.0.0.0/0 source-address-translation { type automap } translate-address disabled translate-port disabled vlans-disabled }

Done, but the situation is the same.

can you try tcpdump?

e.g.

 tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap host x.x.x.x or host y.y.y.y -v

x.x.x.x is source ip
y.y.y.y is destination ip

tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap host 0.0.0.0 or host 0.0.0.0 -v tcpdump: listening on 0.0:nnn, link-type EN10MB (Ethernet), capture size 65535 b ytes Got 0 Got 0