For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ajit's avatar
Ajit
Icon for Altostratus rankAltostratus
Mar 10, 2015

VIP not functioning on port 8083

I have a firewall sitting in our network before the F5 loadbalancer. We have natted a public IP to a private IP (137.x.x.x - 192.168.162.31). The private IP is then used on the F5 as a VIP address listening on the port 443.

 

The members of the pool that are assigned to this VIP are listening on port 8083. Member ip address is 10.13.x.x:8083

 

I have added client ssl profile to the VIP since its a HTTPS VIP. From the LB i can ping the member IP addresses and i can also telnet to the member IP on port 8083 from the LB.

 

The connection is not working for me ... When i telnet to the public IP on 443 it works ...

 

Can anyone suggest what the problem would be? Can you suggest me some tcpdump strings?

 

application delivery
LTM
TMOS
TMSH

2 Replies

  • StephanManthey's avatar
    StephanManthey
    Icon for Nacreous rankNacreous
    Mar 10, 2015

    Hi Ajit,

    did you configure SNAT AutoMap for your virtual server? Asymmetric traffic flow is a typical reason for failing communication.

    A tcpdump to track incoming traffic including serverside traffic would look like this: 

    tcpdump -nnni 0.0:nnnp -s 0 -e -c 1000 host 


    -nnn
    = no name/protocol resolution, 
    -i 0.0
    = dump on the internal interface, 
    :nnnp
    = dump the internal ethernet trailer data and peer traffic (serverside traffic), 
    -s 0
    = dump full packet including the ethernet trailer data, 
    -c 1000
    = limit the dump to 1.000 packets, 
    host
    = one of many possible filters,

    Thanks, Stephan