Song_86464
Apr 02, 2009

Server can't talk to the internet

I have nodes sitting behind the VIPs and all the servers are accessible from the internet, but none of the servers can talk to the internet: ping responses and traceroutes fail, plus we have servers that gather data from the internet but can't reach it.

I have my VIP as 10.10.100.0/24 and my inside (Pool) 10.10.50.0/24.

I have a Wildcard with the 0.0.0.0 0.0.0.0 to allow traffic from the inside to reach the outside. My network has a Firewall and a Router in front of the F5s running 9.3. The router is just passing traffic and the Firewall is allowing public IPs to the VIPs in its DMZ interface. I can ping only to the 10.10.100.X addresses but not past that. I think there is something wrong with my SNAT setup.

I have a SNAT outbound pool set up with a public IP address. But nothing seems to be working. I also saw that I needed to add the SNAT pool to the VIP, which I did. I read that I might need to add this to the interface but didn't see a place to do this. Please advise.
  • Here are a few things that will hopefully help.

    -- The BigIP blocks ICMP by default. Try layer 4 tests or be sure to allow all protocols on your wildcard virtual server.

    -- Be sure your wildcard VS is bound to the appropriate VLAN (the internal vlan in this case).

    -- You mention that you're SNAT-ing to a public IP. Be sure you're SNAT-ing to an IP address that the BigIP owns, e.g. something on the 10.10.100 network. Your upstream devices should handle the public SNAT addresses.

    -Matt