Forum Discussion
Use LTM Policies to Create a VIP listening on Specific Ports
- Feb 10, 2021
#facepalm... notice the hidden option on the TCP port:
Mine was remote by default; changing to local fixed the issue. Working policy that should help:
ltm policy allports_testpolicy {
    controls { forwarding }
    last-modified 2021-02-10:16:42:35
    requires { tcp }
    rules {
        tcp-80 {
            actions {
                0 { forward client-accepted select pool nerdlife_pool }
            }
            conditions {
                0 { tcp client-accepted port local values { 80 } }
            }
        }
        tcp-8080 {
            actions {
                0 { forward client-accepted select pool nerdlife_pool }
            }
            conditions {
                0 { tcp client-accepted port local values { 8080 } }
            }
            ordinal 1
        }
        tcp-all-else {
            actions {
                0 { shutdown client-accepted connection }
            }
            conditions {
                0 { tcp client-accepted port local not values { 80 8080 } }
            }
            ordinal 2
        }
    }
    status published
    strategy first-match
}
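Why the local/remote selector decides the outcome of this policy, as an added Python model (not F5 code and not part of the original posts). It assumes `remote` compares the client's source port and `local` the port the virtual server accepted the connection on; the class and function names and the sample connections are hypothetical.

```python
# Added illustration: first-match evaluation of the three rules in
# allports_testpolicy. Semantics of "local"/"remote" are assumed, see lead-in.
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:
    local_port: int   # port on the virtual server (BIG-IP side)
    remote_port: int  # client's ephemeral source port (assumed meaning)

@dataclass(frozen=True)
class Rule:
    name: str
    ports: frozenset
    negate: bool      # True models "not values { ... }"
    action: str

def build_rules():
    # Rules in ordinal order, as in the posted policy.
    return [
        Rule("tcp-80", frozenset({80}), False, "forward:nerdlife_pool"),
        Rule("tcp-8080", frozenset({8080}), False, "forward:nerdlife_pool"),
        Rule("tcp-all-else", frozenset({80, 8080}), True, "shutdown"),
    ]

def evaluate(conn, selector, rules=None):
    """Return (rule name, action) of the first rule that matches."""
    if selector not in ("local", "remote"):
        raise ValueError("selector must be 'local' or 'remote'")
    port = conn.local_port if selector == "local" else conn.remote_port
    for rule in rules or build_rules():
        in_set = port in rule.ports
        if in_set != rule.negate:   # plain match, or negated non-match
            return rule.name, rule.action
    return None, "no-match"         # assumed: policy takes no action

def audit(conns, selector):
    """Map each connection's listening port to the action it receives."""
    return {c.local_port: evaluate(c, selector)[1] for c in conns}

# Constructed sample connections: (listening port, client source port).
SAMPLE = [Conn(80, 51514), Conn(8080, 49822), Conn(8443, 50231)]

if __name__ == "__main__":
    for selector in ("local", "remote"):
        print(selector, audit(SAMPLE, selector))
```

With `remote`, every sample connection falls through to `tcp-all-else` and is shut down, including those to ports 80 and 8080, because client source ports are ephemeral and do not equal 80 or 8080.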
No, I don't have a clientssl profile on that VIP. It's HTTP, so I didn't think I would need it. Do I need it?
If you have no SSL, then no. But if you are trying to serve a combination, yes.
I've been testing some different policy options and am also having issues getting it to work, whereas my very simple iRule is working fine:
when CLIENT_ACCEPTED {
    switch [TCP::local_port] {
        80 -
        8080 { pool nerdlife_pool }
        default { reject }
    }
}
I cannot seem to achieve the same in my policy, I get resets regardless. I'll have to do some research.