Forum Discussion
genseek_32178
Nimbostratus
Jun 27, 2012VS Issue
Hi,
Have the following 2 Virtual servers config,
virtual VS1
pool pl443
destination 1.1.1.1:443
ip protocol tcp
profiles tcp-default
vlan 2 enable
client - any
VIP - 1.1.1.1:443
pl443 - 10.10.10.10 ( status- UP )
when trying to access- https://1.1.1.1/active.html via VIP - Not working
when trying to access directly on pool member - https://10.10.10.10/active.html- Works
virtual VS2
pool pool443
destination 172.20.20.10:443
ip protocol tcp
profiles tcp-default
vlan 3 enable
client - any
VIP - 172.20.20.10:443
pool443 - 172.20.20.30 (status - up )
when connecting VIP via sql server studio - DOES NOT WORK
but when connecting via DIP/pool member via sql server studio- IT WORKS
any ideas would be greatful
genseek
- nitass
Employee
have you done tcpdump? how was it? - genseek_32178
Nimbostratus
VIP is responding on portqry from outside....and also responding to telnet on port 443 for both VS... - nitass
Employee
when client accessed vip, did you see 3 ways handshake on server-side, i.e. between f5 and server, in tcpdump? - El_Jefe
Nimbostratus
Clear your browser cache. I have seen weird issues like this be just that. If the VIP is truly responding on 443 via telnet, (i.e., you're getting real traffic back from the pool member, and not just echos....), then the LTM is really working and doing it's job. Also, I notices it just enabled on one vlan, try enabling it on all, and see if that makes a difference, and check to see if SNAT Automap is turned on or not. - genseek_32178
Nimbostratus
Thanks for the reply nitass and El_Jefe - nitass
Employee
e.g. - genseek_32178
Nimbostratus
nitass, - El_Jefe
Nimbostratus
genseek - enabling only on the one VLAN means it will only route traffic on that VLAN. - nitass
Employee
output from the tcpdump command we can see directly on the F5 prompt right..no need to to use any packet capture tool? i think it is easier to check packet trace using tool such as wireshark. - Hamish
Cirrocumulus
Posted By El_Jefe on 06/28/2012 06:52 AMAlso be aware that asymetric routing is not supported... If the bigip opens a tcp connection OUT one interface it will expect the responding packets to come IN tha interface roo.
Recent Discussions
Related Content
Ā
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects