Forum Discussion
Ed_26015
Dec 04, 2010Nimbostratus
Source routing with iRules
Hi all,
I hope you can help.
I have two interfaces on the F5 that connect back to a Cisco PIX again on different interfaces.
Topology is 10.130.4.1 & 10.130.32.1 for the ...
Ed_26015
Dec 16, 2010Nimbostratus
Hi both,
Sorry about the delay in replying. We have had a VoIP phone roll-out over the last week so I have been heavily involved in the setup of that.
There is nothing in the logs for this iRule so I can't post anything in relation to that.
with regard to the network diagram it is as follows;
incoming traffic (172.16.20.0/24)
|
[ PIX (Cisco 525) ] - ACL's permit traffic
10.130.4.1 | | 10.130.32.1
| |
| |
10.130.4.10 | | 10.130.32.10
[ F5 Big IP (NAT addressing) ] - dg on F5 is 10.130.4.1
10.130.8.10 | 10.130.52.10
| |
10.130.8.0/22 10.130.52.0/24
| |
| |
[HP Switch] [HP Switch 5308XL] - dg 10.130.52.10 dg - 10.130.8.10 Routed
networks 10.130.52.0/24. 10.130.52.0/24,
10.130.54.0/24, 10.130.55.0/24
I have setup NAT addresses on the F5 to map to the backend networks e.g. 10.130.33.18 > 10.130.52.12 (this works) however 10.130.33.21 > 10.130.55.12 doesn't work. This is where I get the deny ICMP reverse path check. If I put routes on the F5 for the backend networks then I receive ICMP packets back but the routing iRule sees no traffic. Do i really need to setup routes on the F5 as without then I am seeing traffic on the PIX but through the wrong interface. If I get the iRule working so that it source routes the traffic through the correct interface then this is the ideal solution.
Regards,
Ed
Regards,
Ed
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects