Forum Discussion

Altostratus

Apr 10, 2022

Solved

Simple balancing doesn't work

Good morning community, I have to configure, for my work, a F5 VE. So, I download F5 VE 13.1.4 in my lab @home and install it on VMWare to make practice and understand the F5 basics. What I did is co...

application delivery

configuration

Enes_Afsin_Al
Apr 10, 2022
Hi Lucas,

Is SNAT active on the virtual server? If SNAT is not active, your connection may fail due to asymmetric traffic. When you telnet over the CLI, there is no connection problem because the source IP is F5. The same goes for monitor requests.

K7820: Overview of SNAT features:
https://support.f5.com/csp/article/K7820

Enes_Afsin_Al

MVP

Apr 10, 2022

Hi Lucas,

Is SNAT active on the virtual server? If SNAT is not active, your connection may fail due to asymmetric traffic. When you telnet over the CLI, there is no connection problem because the source IP is F5. The same goes for monitor requests.

K7820: Overview of SNAT features:
https://support.f5.com/csp/article/K7820

LucasRey

Altostratus

Apr 10, 2022

HI Enes_Afsin_Al, thank you for reply.

I read the page you linked me, and understand the concept behind SNAT, now is working. What I did is create a simple SNAT where external network 10.3.0.0/24 is translated to 10.2.0.3 (so the internal F5 interface), so that NODE can reply.

Before SNAT, I did a trace on one of the server NODE and I can see:

So, node receives SYN from external client (10.3.0.128) but is not able to reply since NODE cannot reach that IP. That's probably the reason because it doesn't work.

After using SNAT, NODE receives packet from internal F5 interface IP and is now able to reply to that interface: