SNAT is not forwarding traffic towards Pool

Question

VIP, Self IP and SNAT are in same VLAN but Pool member is in different VLAN. Pool is reachable from Self IP. VIP and Pools are up, SNAT pool added in VIP. Traffic is visible on VIP from internet but SNAT is not forwarding traffic towards pool. pls suggest on this ?

Internet >> WAF VIP (vlan 123) >> SNAT (vlan 123) or Self IP (vlan 123) >> Pool (vlan 456)

paulius · Answer

ashishagrawal8 I recommend running the following and see what comes up in wireshark.
tcpdump -nni 0.0:nnp host &lt;virtual_server_IP&gt; -w /shared/tmp/tshoot.pcap
This should save the capture tshoot.pcap in path /shared/tmp/ which you can pull off and open up in wireshark. When you open this up in wireshark I recommend filtering by client IP first, then take the ephemeral port that the client uses and filter based on that port which should then follow the SNAT from the client request all the way through to the F5 SNAT IP destined to the pool member. You should see some F5 fields added in and you can see exactly what the F5 is doing with the connection. If you have a firewall or an ACL blocking the request from the SNAT IP to the destination pool member I could see this dropping because of that.

Forum Discussion

SNAT is not forwarding traffic towards Pool

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

Action Items in OMB Memorandum M-22-09 “Moving the U.S. Government Toward Zero Trust...”

fellow traffic

Nodes forwarding

Policy to forward to a range of ports

Managing Kubernetes Traffic With F5 NGINX: A Practical Guide

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS