Feb 15, 2012

Virtual Server configuration

We own a 10.2.2 build installed on a 1600 box (LTM licensed/provisioned) and are facing an issue with configuring the virtual server's port in LTM.

Sample config is given below:


) list ltm virtual vip1
ltm virtual vip1 {
ip-protocol tcp
pool Linux
profiles {
http { }
tcp { }
snat automap

) list ltm pool Linux
ltm pool Linux {
members { {
session monitor-enabled
} {
session monitor-enabled
} {
session monitor-enabled
monitor gateway_icmp




The self-IP, VLAN and everything else are configured with the default values of 10.2.2, and the pool members are pingable from the BIG-IP. The client can also reach vip1 and the physical servers.

A SOAP server application is running on these three servers (172.18.x.x) on the given ports. When I try accessing these servers separately using our SOAP client application, it works fine. (Note: The SOAP application is developed by us.)

However, when I configure a VIP server (vip1) to load balance between these servers, it fails to respond and replies with a service error saying "Server not running" (an error message sent by our application).

As far as I understand, we can use any port on the VIP, irrespective of the actual server ports. And there is no firewall between the BIG-IP and the actual servers.

We use our own SOAP client to access the server application. Through the browser, we use our WEB-INF file via the Apache server to

Can anyone help in configuring the port range of 13000-130080, instead of the actual ports? Since this is an urgent requirement, can someone suggest what is wrong here?




    Do you have a virtual server defined on port 13081? Or is it matching a wildcard port virtual server? If the VS is defined on port 13000 your requests on port 13081 shouldn't be using this VS.

    To handle a range of 80 ports, you can change the virtual server to listen on port 0 (any port) and then use an iRule to block all other ports. Do you want to have LTM perform destination port translation? Or do you want LTM to just pass through the port of 13000 to the pool member on 13000 and 13001 to the pool member on 13001? If the former, what's the logic for doing the port translation?

    Here's an example of the iRule to only allow connections through on ports 13000 - 13080:

    when CLIENT_ACCEPTED {
        if {[TCP::local_port] >= 13000 and [TCP::local_port] <= 13080} {
            # Do nothing and allow the connection through to the pool
        } else {
            # Reset the connection
            reject
        }
    }

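An added example, not part of the original thread or of F5's tooling: a Python check that reads `list ltm virtual` output and reports virtual servers that listen on any port with no iRule attached, which is the exposure the port-range iRule in the reply above is meant to close. The sample config, its names and addresses are constructed, and the `destination <addr>:any` and `rules { ... }` layout is an assumption about the output format.

```python
import re

# Constructed sample shaped like `tmsh list ltm virtual` output; the names,
# addresses and rule name are made up for this example.
SAMPLE = """\
ltm virtual vip_any_open {
    destination 192.0.2.10:any
    pool Linux
}
ltm virtual vip_any_filtered {
    destination 192.0.2.11:any
    rules {
        allow_13000_13080
    }
}
ltm virtual vip_fixed {
    destination 192.0.2.12:13000
}
"""

def parse_virtuals(text):
    """Return {name: {"port": str, "rules": [rule names]}}."""
    virtuals, current, depth, in_rules = {}, None, 0, False
    for line in (raw.strip() for raw in text.splitlines()):
        head = re.match(r"ltm virtual (\S+) \{$", line)
        if depth == 0 and head:
            current = virtuals.setdefault(head.group(1), {"port": None, "rules": []})
            depth = 1
            continue
        if current is None:
            continue
        dest = re.match(r"destination \S+:(\S+)$", line)
        if depth == 1 and dest:
            current["port"] = dest.group(1)
        elif depth == 1 and line.startswith("rules {"):
            in_rules = True  # rule names may follow inline or on later lines
            current["rules"] += line[7:].replace("}", " ").split()
        elif in_rules and line != "}":
            current["rules"] += line.split()
        depth += line.count("{") - line.count("}")
        in_rules = in_rules and depth > 1
        if depth == 0:
            current = None
    return virtuals

def unfiltered_wildcards(text):
    """Wildcard-port virtual servers with no iRule attached at all."""
    return sorted(name for name, v in parse_virtuals(text).items()
                  if v["port"] in ("any", "0") and not v["rules"])
```

An attached rule is not proof that it restricts ports, so virtual servers that pass this check still need their rule bodies reviewed.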