Forum Discussion
NimbostratusVirtual forwarding server versus routing table
Hello there:
I'm pretty new to the F5 system, recently purchased the F5 10259v. Now I am stuck with the routing, especially when I try to do the intra-vlan routing and route all vlans back to my headquarter company through Cisco ASA (VPN). I was told to setup the virtual forwarding servers, I did set them up, but none of them work!!! And I don't know what I shall do with it. In my case, it seems only routing table can help me a bit. For example I am able to route one vlan back to my remote network. When I search this forum for the right answer, I don't see much people mentioned about the routing table when talking about the VS. I get confused. If we have the routing table why bother to use the VS??
Thanks
35 Replies
Felix888_164906I'm sorry for the confusion. As I said previously in order to sanitized the config, I didn't put the real IP range there. So 10.20.0.0/24 is actually 10.0.2.0/24 and 10.21.0.0/24 is actually 10.0.20.0/24- The_Bhattman
Did you have translate-address enabled and translate-port enabled on the VS?
- Felix888_164906
there is no configuration option in the configuration utility. I thought it is disabled by default?/
- Felix888_164906
Oh, sorry, I set it up as auto map. I thought I set it none at a time but no luck. Let me try it again
- Felix888_164906
Sorry for the simple question: How to show the VS config in CLI?
- Felix888_164906
I setup below VS in order to route vlan 7 back to headquarter via ASA, it doesn't work: ltm virtual Forwarding-Corp-VS { description "Forward Traffic back to headquarter" destination 192.168.0.0:any ip-forward ip-protocol tcp mask 255.255.0.0 profiles { fastL4 { } } source 10.0.7.0/24 translate-address disabled translate-port disabled vlans { VManage-ESX } vlans-enabled vs-index 3 } ltm virtual Internal-routing1 { description "Management VLAN internal routing" destination 10.0.2.0:any ip-forward ip-protocol tcp mask 255.255.255.0 profiles { fastL4 { } } source 0.0.0.0/0 translate-address disabled translate-port disabled vs-index 4 } ltm virtual Internal-routing2 { description "VManage-VLAN internal routing" destination 10.0.7.0:any ip-forward ip-protocol tcp mask 255.255.255.0 profiles { fastL4 { } } source 0.0.0.0/0 translate-address disabled translate-port disabled vlans { VManage-ESX } vlans-enabled vs-index 5 } ltm virtual Internal-routing3 { description "SETWEBVIP- VLAN internal routing" destination 10.0.20.0:any ip-forward ip-protocol tcp mask 255.255.255.0 profiles { fastL4 { } } source 0.0.0.0/0 translate-address disabled translate-port disabled vlans { SET-WEBVIP } vlans-enabled vs-index 7 } - The_Bhattman
Hi Felix888,
Thank you for the readable configuration. I can now see that you have set you protocol to TCP on the VS forwarding. This is where your pings will not get through since ICMP is not TCP or UDP. If you switch from TCP to ALL protocols, I believe your pings will start get through.
- Felix888_164906
I can't believe it works!!!! I can see from the ASA monitor the packet from vlan7 host destined to 192.168.130.98!!! Thank you! However how come I can't ping the host to vlan 7 from the corp network (from 192.168.130.98)? - Felix888_164906
In order to prove VS works, I disabled all VS, but the ping traffic is still going? I can't figure it out why ....
- Felix888_164906
Hello The Bhattman:
you're the best. I'm able to access to the host from the remote. I have to enable management vlan. You are the man! Much appreciate this!
