Forum Discussion
genseek_32178
Nimbostratus
NimbostratusVirtual not Working
Hi,
We ve the following wilcard VS defined for INET access of servers in VLAN 20
virtual vlan20_vs
pool poolvlan20
destination any:any
mask 0.0.0.0
profiles fastl4_vlan20
rule tcp_snat_vl20
vlans 20 enable
3 src servers in vlan 20 are able to access internet each using different publicly routable SNAT IPs as defined in the iRule - tcp_snat_vl20
SNAT IPs - 1.1.1.2, 1.1.1.3, 1.1.1.4 ( Vlan - 50 ) for each server to access external nwks
There is another VIP - 1.1.1.10, defined in the same vlan 50 as the SNAT IP network.
Issue is - This VIP is not accesible from the same 3 src servers which are able to access INET.
thanks
hooleylistCirrostratus
Hi Genseek,
If you want the hosts on VLAN 50 to match the wildcard virtual, the virtual would need to be enabled on VLAN 50. Or you'd need routing set up outside of LTM to get the VLAN 50 hosts to the virtual on VLAN 20. If the clients are in the pool, you'd also need to ensure that the SNAT iRule would apply SNAT for the clients.
Aaron
genseek_32178Aaron,
Host are in Vlan20 not in Vlan 50.
Remote VIP - 1.1.1.10 is in Vlan 50......config is as below
virtual VS1_443
snatpool pool2
pool pool_443
destination 1.1.1.10:443
ip protocol tcp
profiles tcp
vlans 30, 50 enable
snatpool pool2 - has IP - 1.1.1.35
Hosts are configured to listen to wildcard VS..as mentioned above and below
virtual vlan20_vs
pool poolvlan20
destination any:any
mask 0.0.0.0
profiles fastl4_vlan20
rule tcp_snat_vl20
vlans 20 enable
Now 3 hosts in vlan 20 using the snat defined in rule are able to access internet but NOT able to access the remote VIP (1.1.1.10). This is the issue.- genseek_32178and by the way...remote VIP is also hosted on the same F5 device as the wilcard VS.