Forum Discussion
hakeemkim
Altocumulus
AltocumulusThis is a related question when using Performance L4 as a forwarding IP.
hello Sir.
Thank you for your help.
[No Pool]
I know that when the [Address Translation ] option is [Disalbed], it works normally.
I would like to know what Flow does not work when the Address Translation option is Enabled
Why reply admin-prohibited?
admin-prohibited is set when setting like a firewall
Isn't that a response phrase?
Address Translation, when checked (enabled), that the system translates the address of the virtual server. When cleared (disabled), specifies that the system uses the address without translation. This option is useful when the system is load balancing devices that have the same IP address. The default is enabled.
your VS not have a pool, when you enable Address Translation, the system can not translate the clientside dst ip to serverside pool member address
tcpdump packet find icmp type 3 code 9 official definition is "Destination network administratively prohibited"
Also with TCP RST logs enabled I think in the LTM log it will be "No server selected" https://support.f5.com/csp/article/K13223.
- xuwen
Cumulonimbus
Address Translation, when checked (enabled), that the system translates the address of the virtual server. When cleared (disabled), specifies that the system uses the address without translation. This option is useful when the system is load balancing devices that have the same IP address. The default is enabled.
your VS not have a pool, when you enable Address Translation, the system can not translate the clientside dst ip to serverside pool member address
tcpdump packet find icmp type 3 code 9 official definition is "Destination network administratively prohibited"
- Nikoolayy1
MVP
Also with TCP RST logs enabled I think in the LTM log it will be "No server selected" https://support.f5.com/csp/article/K13223.
hakeemkimThank you sir for all your replies.
This solution link helped me a lot.
- Kai_Wilke
Awesome response. Very precise analysis 😉
Cheers, Kai
hello hakeemkim ,
Strange design for me !
> the Flow shouldn’t work with you when enabling (Address Translation) because you need to specify a "IP" address through F5 " I mean to create Virtual server with an ip address not wildcard/any address and in this case you should configure " 20.0.0.80 " as a pool member.
> you can configure a Forwarding virtual server instead of Performance layer 4 , to be fit with your needs this is my opinion.
> If you want to test only icmp packets , I have another idea to do it with performance layer 4 virtual sevrer1- you put an Ip address
2- change " protocol profilr client " from ( FastL4 to anyip ) and update your changes.
3- do not forget to assign "20.0.0.80" as a pool for this VS4- Go to (Local traffic >>> virtual servers >>> virtual address list >>> choose the modified virtual server address from list )
5- Go down under Configuration , you will see " icmp echo " equal "Always" change it to be "Disabled" and update.
Ping traffic can be sent and recieved via F5 from client to node and returned back replay from node to client.
> you can achieve it by standard virtual server " without http profile " and Fast layer 4 VS
> may I misses some points with your inquiry ,I replied bepending on my understanding , you can clarify more to be able to help more.
Regards
