Forum Discussion
SSH access to web server behind LTM
This is very simple. Assuming you have already configured your VLANs on the F5, you'll need to create a standard VS listening on an IP address (destination address parameter) on the Internet VLAN and port 22.
The VS will automatically do the NAT for you; however, if the F5 is not configured as the gateway of your web servers, you'll need to configure it with the source address translation parameter set to automap.
Keep everything else at the default value unless you have other specific requirements.
My web servers are based on CentOS with the gateway set to 10.2.0.145, and this is the F5 internal port. VLANs are configured... I think they are. SSH services are running. I can SSH to them from the F5 CLI.
If I understand your first scenario with gateways correctly, I tried this:
How does the VS know where to forward traffic? The empty source field is auto-filled with 0.0.0.0/0 and that means "from all sources/IP addresses", correct? The NAT field stays as it is, "none". I also tried changing it, with no luck. VPS is online, I can ping it, and I checked the port with nmap; it is open.
I also tried a second scenario, with the source field set to my web server IP address (10.2.0.11) and NAT set to "auto". My gateways on the web servers are still set to the F5 internal interface address 10.2.0.145. This scenario seems more proper to me but still does not work. In this scenario the port seems to be closed.
I tried a third scenario and I used:
Type: Standard
Source: 0.0.0.0/0
Destination Address: 192.168.1.146
Service Port: 22
Source Address Translation: None
Under "Resources" I set "Default Pool" to a pool with my web server and SSH port, and this scenario works. As you see, I configured it like an HTTP service with web sites, but I don't think this is best practice, right?
Do you have any idea what I am doing wrong? I think the problem is my lack of knowledge in the F5 field :)
My LTM version is 11.6.0
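
The working third scenario and the automap case from the first reply, written as tmsh commands. This is an added example, not part of either post; the object names `ssh_pool` and `vs_ssh` and the 203.0.113.0/24 admin network are assumptions, while the other addresses are the ones quoted in the thread.

```tmsh
# Added example (not from the thread). ssh_pool and vs_ssh are hypothetical
# object names; 10.2.0.11, 10.2.0.145 and 192.168.1.146 come from the posts.

# 1. Pool: this is what tells the virtual server where to forward.
#    A Standard VS with no default pool has no backend to send SSH to.
create ltm pool ssh_pool members add { 10.2.0.11:22 } monitor tcp

# 2. Virtual server as in the third scenario. The web servers use the
#    BIG-IP internal address (10.2.0.145) as their gateway, so replies
#    route back through it and no source translation is needed.
create ltm virtual vs_ssh destination 192.168.1.146:22 ip-protocol tcp profiles add { tcp } source 0.0.0.0/0 pool ssh_pool source-address-translation { type none }

# 3. Variant for servers whose gateway is NOT the BIG-IP: translate the
#    client source to a self IP so replies return through the BIG-IP.
#    With automap, sshd logs on the servers show the self IP rather than
#    the real client address.
modify ltm virtual vs_ssh source-address-translation { type automap }

# 4. Optional hardening: the source field is a client filter, not the
#    backend address. 203.0.113.0/24 is a placeholder admin network;
#    narrowing it from 0.0.0.0/0 limits who can reach SSH through the VS.
modify ltm virtual vs_ssh source 203.0.113.0/24

# 5. Verify: the member should be marked up by the tcp monitor and the
#    virtual server should report as available.
show ltm pool ssh_pool members
show ltm virtual vs_ssh
list ltm virtual vs_ssh

# 6. Persist the running configuration.
save sys config
```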