SSH/SFTP problem!

Can you clarify what the SNAT address is? If you have the SNAT address set to the client IP, can you change this? Set the SNAT on the virtual server to automap, so that the BIG-IP will use a self IP on the egress VLAN for a source address.

 

 

I think the following are the IP's you're using

 

 

10.12.1.1 Client

 

172.17.20.11 VIP

 

172.17.40.21 Server

 

 

If this doesn't work, can you try another test? Can you create a new FastL4 profile to use on the forwarding virtual server? Please disable PVA acceleration on the new profile according to these steps:

 

 

SOL6546: Recommended methods and limitations for running tcpdump on a BIG-IP version 9.x system (Click here)

 

 

To temporarily disable PVA acceleration for a FastL4 profile, perform the following procedure:

 

 

1. Log in to the Configuration utility.

 

2. Click Local Traffic.

 

3. Click Profiles.

 

4. Choose FastL4 from the Protocol drop-down menu.

 

5. Create a new FastL4 profile called FastL4_no_pva_acceleration.

 

6. Check the check box next to PVA Acceleration and select None from the drop-down menu.

 

7. Browse to the forwarding virtual server and select the new FastL4 profile under Protocol Profile (client).

 

8. Perform a tcpdump, specifying the interface as 0.0 to capture all traffic.

 

9. Once the tcpdump captures are completed, change the Protocol Profile back to the default FastL4 profile.

 

 

Can you also add the -e flag to the tcpdump command to list the MAC address and VLAN tags to the tcpdump:

 

 

tcpdump -eni 0.0 host 10.12.1.1 or host 172.17.40.21

 

 

Thanks,

 

Aaron