Virtual forwarding server versus routing table
Hello there:
I'm pretty new to the F5 system and recently purchased the F5 10259v. Now I am stuck with the routing, especially when I try to do the intra-VLAN routing and route all VLANs back to my headquarter company through Cisco ASA (VPN). I was told to set up the virtual forwarding servers. I did set them up, but none of them work!!! And I don't know what I should do with it. In my case, it seems only the routing table can help me a bit. For example, I am able to route one VLAN back to my remote network. When I search this forum for the right answer, I don't see many people mention the routing table when talking about the VS. I get confused. If we have the routing table, why bother to use the VS??
Thanks
35 Replies
- The_Bhattman
Nimbostratus
Hi Felix888, can you provide a sanitized version of your configuration? This will help us determine what settings you might be missing or adding that could be an issue.
Thanks,
- Felix888_164906
Nimbostratus
My network:
- Felix888_164906
Nimbostratus
So basically the above is the network diagram. VLAN 20 is the management VLAN; it will connect to and manage all switches, F5, public DNS servers etc. I need to be able to access all VLANs: 10, 11, 12, 20, 21 ... So I created the static route entry: destination 192.168.0.0/16 via gateway 10.20.0.2, and I did set up the VS, but they simply never work. For example: forward VS1: source: 0.0.0.0 Destination: 0.0.0.0 ....
Currently, by using the routing table, I can only route to VLAN 20. The gateway for the host has to be 10.20.0.2.
Any help would be great!
Thanks
- The_Bhattman
Nimbostratus
Hi Felix888,
Can you provide the LTM configuration?
thanks,
- Felix888_164906
Nimbostratus
Hi Bhattman:
What kind of config file can I output to? I haven't done that before, sorry...
- The_Bhattman
Nimbostratus
If you log in via CLI, go to the following path:
/config
Look for the bigip.conf file. You should go through and scrub out any sensitive information before posting.
Thanks,
- Felix888_164906
Nimbostratus
Thanks! Please check the attached config file. Previously, in order to simplify the diagram, I didn't put the real network IP range. Here is the brief about the IP: 10.20.0.0 is 10.0.2.0 in the config; 10.21.0.0 is 10.0.20.0 in the config. The rest of the IP range is used internally for the LAN, DMZ and other networks.
apm client-packaging /Common/client-packaging { }
apm resource remote-desktop citrix-client-bundle /Common/default-citrix-client-bundle { }
asm predefined-policy POLICY_TEMPLATE_ACTIVESYNC_V1_0_V2_0_HTTP { }
asm predefined-policy POLICY_TEMPLATE_ACTIVESYNC_V1_0_V2_0_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_LOTUSDOMINO_6_5_HTTP { }
asm predefined-policy POLICY_TEMPLATE_LOTUSDOMINO_6_5_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_ORACLE_10G_PORTAL_HTTP { }
asm predefined-policy POLICY_TEMPLATE_ORACLE_10G_PORTAL_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_ORACLE_APPLICATIONS_11I_HTTP { }
asm predefined-policy POLICY_TEMPLATE_ORACLE_APPLICATIONS_11I_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2003_HTTP { }
asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2003_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2003_WITH_ACTIVESYNC_HTTP { }
asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2003_WITH_ACTIVESYNC_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2007_HTTP { }
asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2007_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2007_WITH_ACTIVESYNC_HTTP { }
asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2007_WITH_ACTIVESYNC_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2010_HTTP { }
asm predefined-policy POLICY_TEMPLATE_OWA_EXCHANGE_2010_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_PEOPLESOFT_PORTAL_9_HTTP { }
asm predefined-policy POLICY_TEMPLATE_PEOPLESOFT_PORTAL_9_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_RAPID_DEPLOYMENT { }
asm predefined-policy POLICY_TEMPLATE_SAP_NETWEAVER_7_HTTP { }
asm predefined-policy POLICY_TEMPLATE_SAP_NETWEAVER_7_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_SHAREPOINT_2003_HTTP { }
asm predefined-policy POLICY_TEMPLATE_SHAREPOINT_2003_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_SHAREPOINT_2007_HTTP { }
asm predefined-policy POLICY_TEMPLATE_SHAREPOINT_2007_HTTPS { }
asm predefined-policy POLICY_TEMPLATE_SHAREPOINT_2010_HTTP { }
asm predefined-policy POLICY_TEMPLATE_SHAREPOINT_2010_HTTPS { }
ltm default-node-monitor {
    rule none
}
ltm virtual /Common/Forwarding-Headquater-VS {
    description "Forward Traffic back to headquater"
    destination /Common/192.168.0.0:0
    ip-forward
    ip-protocol tcp
    mask 255.255.0.0
    profiles {
        /Common/fastL4 { }
    }
    source 10.0.2.0/24
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port disabled
    vlans {
        /Common/headquater_Manage
    }
    vlans-enabled
}
ltm virtual /Common/Internal-routing1 {
    description "Management VLAN internal routing"
    destination /Common/10.0.2.0:0
    ip-forward
    ip-protocol tcp
    mask 255.255.255.0
    profiles {
        /Common/fastL4 { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port disabled
}
ltm virtual /Common/Internal-routing2 {
    description "VManage-VLAN internal routing"
    destination /Common/10.0.7.0:0
    ip-forward
    ip-protocol tcp
    mask 255.255.255.0
    profiles {
        /Common/fastL4 { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port disabled
    vlans {
        /Common/VManage-ESX
    }
    vlans-enabled
}
ltm virtual /Common/Internal-routing3 {
    description "SETWEBVIP- VLAN internal routing"
    destination /Common/10.0.20.0:0
    ip-forward
    ip-protocol tcp
    mask 255.255.255.0
    profiles {
        /Common/fastL4 { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port disabled
    vlans {
        /Common/SET-WEBVIP
    }
    vlans-enabled
}
ltm virtual-address /Common/10.0.2.0 {
    address 10.0.2.0
    arp disabled
    icmp-echo disabled
    mask 255.255.255.0
    traffic-group /Common/traffic-group-1
}
ltm virtual-address /Common/10.0.7.0 {
    address 10.0.7.0
    arp disabled
    icmp-echo disabled
    mask 255.255.255.0
    traffic-group /Common/traffic-group-1
}
ltm virtual-address /Common/10.0.16.0 {
    address 10.0.16.0
    arp disabled
    icmp-echo disabled
    mask 255.255.255.0
    traffic-group /Common/traffic-group-1
}
ltm virtual-address /Common/10.0.20.0 {
    address 10.0.20.0
    arp disabled
    icmp-echo disabled
    mask 255.255.255.0
    traffic-group /Common/traffic-group-1
}
ltm virtual-address /Common/192.168.0.0 {
    address 192.168.0.0
    arp disabled
    icmp-echo disabled
    mask 255.255.0.0
    traffic-group /Common/traffic-group-1
}
ltm virtual-address /Common/192.168.130.0 {
    address 192.168.130.0
    arp disabled
    icmp-echo disabled
    mask 255.255.255.0
    traffic-group /Common/traffic-group-1
}
net route /Common/headquater-Network {
    description "Access to Headquater Network through VPN"
    gw 10.0.2.2
    mtu 1500
    network 192.168.0.0/16
}
net route /Common/Default-Gateway {
    description "Default Internet Gateway"
    interface /Common/WAN
    mtu 1500
    network default
}
net ipsec ike-daemon /Common/ikedaemon { }
security http profile /Common/http_security_migrated_httpsecurity_profile {
    app-service none
    case-sensitive
    defaults-from /Common/http_security
    description "This profile was created by upgrade migration process from the original HTTP Security Profile named: [http_security]"
    evasion-techniques {
        alarm enabled
        block disabled
    }
    file-types {
        alarm enabled
        block disabled
    }
    http-rfc {
        alarm enabled
        bad-host-header enabled
        bad-version enabled
        block disabled
        body-in-get-head disabled
        chunked-with-content-length enabled
        content-length-is-positive enabled
        header-name-without-value enabled
        high-ascii-in-headers disabled
        host-header-is-ip disabled
        maximum-headers 20
        null-in-body enabled
        null-in-headers enabled
        post-with-zero-length disabled
        several-content-length enabled
        unparsable-content enabled
    }
    mandatory-headers {
        alarm enabled
        block disabled
    }
    maximum-length {
        alarm enabled
        block disabled
        post-data 15728640
        query-string 1024
        request any
        uri 1024
    }
    methods {
        alarm enabled
        block disabled
        values { GET POST HEAD }
    }
    response {
        body "Request RejectedThe requested URL was
rejected. Please consult with your administrator.
()%>"
        headers "HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Connection: close"
        type default
        url none
    }
}
sys software update {
    auto-check enabled
    frequency weekly
}
wom endpoint-discovery { }
- Felix888_164906
Nimbostratus
Sorry, it looks messy, it doesn't seem to allow me to attach the file.
- The_Bhattman
Nimbostratus
It's a bit hard to go through, but did you enable the VS forwarding on specific VLANs rather than all of them?
- Felix888_164906
Nimbostratus
As of now I am only able to access the 10.0.2.0 network remotely. I cannot access 10.0.7.0/24 at all, although there are servers running there.
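Added example, not part of the thread and not F5 tooling: a Python sketch that reads `ltm virtual` stanzas in the flattened one-line form posted above and reports, for each IP-forwarding virtual server, the destination network, the IP protocol it matches and the VLANs it listens on, which is the question raised about specific VLANs versus all of them. The sample input is a constructed excerpt modelled on the posted config, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the flattened form of the posted bigip.conf.
SAMPLE = (
    'ltm virtual /Common/Internal-routing1 { description "Management VLAN internal routing" '
    'destination /Common/10.0.2.0:0 ip-forward ip-protocol tcp mask 255.255.255.0 '
    'profiles { /Common/fastL4 { } } source 0.0.0.0/0 translate-address disabled } '
    'ltm virtual /Common/Internal-routing2 { description "VManage-VLAN internal routing" '
    'destination /Common/10.0.7.0:0 ip-forward ip-protocol tcp mask 255.255.255.0 '
    'profiles { /Common/fastL4 { } } source 0.0.0.0/0 '
    'vlans { /Common/VManage-ESX } vlans-enabled } '
    'ltm virtual-address /Common/10.0.7.0 { address 10.0.7.0 mask 255.255.255.0 }'
)

def stanza_bodies(text):
    """Yield (name, body) for each 'ltm virtual' stanza, matching nested braces."""
    text = re.sub(r'"[^"]*"', '""', text)  # quoted strings may contain braces
    for m in re.finditer(r"ltm virtual (\S+) \{", text):  # skips 'ltm virtual-address'
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def forwarding_scope(text):
    """Map each ip-forward virtual server to its destination, protocol and VLAN scope."""
    report = {}
    for name, body in stanza_bodies(text):
        tokens = body.split()
        if "ip-forward" not in tokens:
            continue
        addr = re.search(r"destination (\S+)", body).group(1).rsplit("/", 1)[-1].split(":")[0]
        mask = re.search(r"\bmask (\S+)", body)
        proto = re.search(r"ip-protocol (\S+)", body)
        vlans = re.search(r"\bvlans \{([^}]*)\}", body)
        listed = vlans.group(1).split() if vlans else []
        # vlans-enabled: traffic is accepted only when it arrives on a listed VLAN.
        scope = listed if "vlans-enabled" in tokens else "all"
        net = ipaddress.ip_network(f"{addr}/{mask.group(1) if mask else '255.255.255.255'}")
        report[name] = {"dest": str(net), "proto": proto.group(1) if proto else "any",
                        "vlans": scope}
    return report

if __name__ == "__main__":
    for vs, info in forwarding_scope(SAMPLE).items():
        print(vs, info)
```

In the output, a `vlans` list means the virtual server matches only traffic arriving on those VLANs, and `proto` of `tcp` means ICMP and UDP do not match it.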