dipta_03_149731
Jul 16, 2015

URL/VIP is not accessible but direct servers are reachable

I have set up a VIP behind which there are 4 Windows servers.

 

The VIP IP belongs to the 10.130.51.x subnet. The Self IP and Floating IP also belong to the 10.130.51.x subnet. The server IPs belong to the 10.130.145.x subnet, hence I have rules on the FW to allow the communication between the LTM and the servers.

 

Below is the VIP configuration; it's a simple one with no iRules etc.:

 

ltm virtual csws01.na.imtn.com-443 {
    destination 10.130.51.x:https
    ip-protocol tcp
    mask 255.255.255.255
    pool csws01.na.imtn.com-443
    profiles {
        http { }
        tcp { }
    }
    snat automap
    vlans-disabled
}

 

In the pool all members are marked up. When I do a curl to one of the servers from the LTM I get 200 OK. TCP dump doesn't show any information as to why the VIP is not working. Can you tell me what I should look into?

 

4 Replies

  • Also, when I take a capture between my IP and the VIP IP I see packets.

     

    [didey@NUS-INT-F5-A:Active:Changes Pending] ~ tcpdump -nni 0.0 -s0 -w /var/tmp/csws.pcap host 10.9.x.x and host 10.130.51.x
    tcpdump: listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
    ^C^C
    32 packets captured
    32 packets received by filter
    0 packets dropped by kernel

     

    But when I take a capture between the VIP and the server, there's no packet.

     

    [didey@NUS-INT-F5-A:Active:Changes Pending] ~ tcpdump -nni 0.0 host 10.130.51.x and port 443 and host 10.130.145.x
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on 0.0, link-type EN10MB (Ethernet), capture size 96 bytes
    ^C
    0 packets captured
    0 packets received by filter
    0 packets dropped by kernel

     

  • Remove the HTTP profile. HTTP profiles only work on unencrypted traffic. Your VS is HTTPS and it's not offloading SSL. If you need features provided by the HTTP profile you need a clientSSL profile on the VS to decrypt traffic.
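
The condition described in the last reply (an HTTP profile on an HTTPS virtual server with no client SSL profile to decrypt first) can be checked across a whole configuration listing. The following is an added example, not part of the original thread and not F5 code. It assumes input in the multi-line `tmsh list` layout, treats `http` and `clientssl` as the built-in profile names, and uses the hypothetical names `example-offload-443` and `custom-clientssl` in its constructed sample.

```python
# Constructed sample; example-offload-443 and custom-clientssl are hypothetical names.
SAMPLE = """\
ltm profile client-ssl custom-clientssl {
    defaults-from clientssl
}
ltm virtual csws01.na.imtn.com-443 {
    destination 10.130.51.x:https
    profiles {
        http { }
        tcp { }
    }
}
ltm virtual example-offload-443 {
    destination 10.130.51.x:https
    profiles {
        custom-clientssl { context clientside }
        http { }
    }
}
"""

def parse(text):
    """Parse brace-nested tmsh listing text into nested dicts."""
    stack = [{}]
    for line in filter(None, map(str.strip, text.splitlines())):
        if line == "}":
            stack.pop()
        elif line.endswith("{"):  # a multi-line block opens
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        else:  # property or one-line block: the first word is the key
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip()
    return stack[0]

def http_without_clientssl(text, tls_ports=("https", "443")):
    """Names of virtuals with an HTTP profile on a TLS port and no client SSL."""
    cfg = parse(text)
    kinds = {"http": "http", "clientssl": "client-ssl"}  # built-in profile names
    for head in cfg:  # plus custom profiles defined in the same listing
        parts = head.split()
        if parts[:2] == ["ltm", "profile"] and len(parts) == 4:
            kinds[parts[3]] = parts[2]
    flagged = []
    for head, body in cfg.items():
        if head.startswith("ltm virtual "):
            port = body.get("destination", "").rpartition(":")[2]
            types = {kinds.get(name) for name in body.get("profiles", {})}
            if port in tls_ports and "http" in types and "client-ssl" not in types:
                flagged.append(head.split()[2])
    return flagged
```

A custom client SSL profile is only recognised when its `ltm profile client-ssl` stanza is in the same listing; otherwise the virtual server is reported and needs a manual look.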