For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mario_Baron_147's avatar
Mario_Baron_147
Icon for Nimbostratus rankNimbostratus
Jun 03, 2014

Use the floating-IP as Snat automap IP Address

Hi,

 

We have a virtual server to perform snat automap. When doing a tcpdump, we have observed that the IP address being used to do the snat is the self-IP of the active load balancer (Viprion2400 pair) instead of the floating IP.

 

Is there any configuration way to use the floating-IP instead of the self-Ip to perform the snat for a virtual server?

 

Thanks in advanced for your support,

 

BR, Mario

 

7 Replies

  • Cory_50405's avatar
    Cory_50405
    Icon for Noctilucent rankNoctilucent
    Jun 03, 2014

    SNAT automap should choose the floating self IP address for translated client traffic if everything is setup correctly. Are your LTMs setup in a sync-failover group?

     

    Check your self IP configurations and ensure they are applied to the correct vlans.

     

    • Mario_Baron_147's avatar
      Mario_Baron_147
      Icon for Nimbostratus rankNimbostratus
      Jun 04, 2014
      Thanks for the quick answer. Do you mean that I have to create a sync-failover group in order the Viprion to take the floating IP as SNAT ip address? Thanks, Mario
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jun 04, 2014

    Do you mean that I have to create a sync-failover group in order the Viprion to take the floating IP as SNAT ip address?

     

    what Cory means is it should use floating self ip by default.

     

    didn't you create sync-failover device group? how did you configure ha pair without sync-failover device group?

     

    by the way, is virtual server address and floating self ip member of floating traffic group?

     

    sol7336: The SNAT Automap and self IP address selection

     

    http://support.f5.com/kb/en-us/solutions/public/7000/300/sol7336.html

     

    • Mario_Baron_147's avatar
      Mario_Baron_147
      Icon for Nimbostratus rankNimbostratus
      Jun 04, 2014
      Thanks to both for your help! I didn't realise that the traffic I was seeing on the tcpdump using the self-IP (instead of the expected floating-IP after the snat automap) were the monitors... no the service itself. The monitors use the self-IP of each LTM as source IP address of the monitoring packet, right? Thanks again for your help, BR, Mario
  • nitass_89166's avatar
    nitass_89166
    Icon for Noctilucent rankNoctilucent
    Jun 04, 2014

    Do you mean that I have to create a sync-failover group in order the Viprion to take the floating IP as SNAT ip address?

     

    what Cory means is it should use floating self ip by default.

     

    didn't you create sync-failover device group? how did you configure ha pair without sync-failover device group?

     

    by the way, is virtual server address and floating self ip member of floating traffic group?

     

    sol7336: The SNAT Automap and self IP address selection

     

    http://support.f5.com/kb/en-us/solutions/public/7000/300/sol7336.html

     

    • Mario_Baron_147's avatar
      Mario_Baron_147
      Icon for Nimbostratus rankNimbostratus
      Jun 04, 2014
      Thanks to both for your help! I didn't realise that the traffic I was seeing on the tcpdump using the self-IP (instead of the expected floating-IP after the snat automap) were the monitors... no the service itself. The monitors use the self-IP of each LTM as source IP address of the monitoring packet, right? Thanks again for your help, BR, Mario
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jun 04, 2014

    The monitors use the self-IP of each LTM as source IP address of the monitoring packet, right?

     

    yes, health monitor uses non-floating self ip.