cancel
Showing results for 
Search instead for 
Did you mean: 

Can't access virtual server IP from browser , however I can ping and telnet on port 80

Yasir_Irfan_194
Nimbostratus
Nimbostratus

Hi All,

 

I am new to f5, I am watching CBT nuggets ( Kieth) and build a topology using f5 VM. I have created 3 nodes with an IP 10.2.0.128,10.2.0.129 & 10.2.0.130(internal network) and mapped them to virtual server IP 192.168.1.177 (external network)for http service. From external network pc I can ping the VIP 192.168.1.177 and can telnet the same on port 80. However I cannot access it by browser. I could see the packets are received but there is no return traffic logs.

 

Also I have created a custom http monitor with following parameters GET /\r\n\r\n. All the nodes are up , pools are up. Can any one shed why this issue is persisting in the lab.

 

Cheers

 

Yasir

 

1 ACCEPTED SOLUTION

IainThomson85_1
Cumulonimbus
Cumulonimbus

Usually SNAT related,

 

Use a SNATPool or Snat Automap....

 

View solution in original post

11 REPLIES 11

IainThomson85_1
Cumulonimbus
Cumulonimbus

Usually SNAT related,

 

Use a SNATPool or Snat Automap....

 

ahmed_bouja_303
Nimbostratus
Nimbostratus

Hi,

 

We have issuing the same issue. And the SNAT is configured to Automap. Can anyone meet this problem and is there any solution for that ?

 

janholtz
Altostratus
Altostratus

Remove monitor Shell into the F5. Run: tcpdump -s0 -X -nnni 0.0 host 10.2.0.128 or host 10.2.0.129 or host 10.2.0.130

 

Test connection.

 

What do you see?

 

BR Jan

 

ahmed_bouja_303
Nimbostratus
Nimbostratus

Hi Jan,

 

Thanks a lot for response.

 

Our issue is related only to the Virtual Server IP address: we can ping it and can telnet the same on port 80. However we cannot access it by browser.

 

For the Pool Servers, we don't have any issues. We can telnet them on port 80 and access them by browser. By we can't access the VIP by browser. I think the LTM feature is not functioning despite all the configuration is OK

 

Regards, Ahmed

 

janholtz
Altostratus
Altostratus

OK, hang on. You say you can telnet? So if you telnet to the virtual server:

 

telnet 10.10.10.10 80 GET / HTTP/1.1 HOST:127.0.0.1 CONNECTION:close

Get you what response?

 

sasi60_360261
Nimbostratus
Nimbostratus

hi Yasir, i would like to remind you to check the default gateway on your web servers. make sure those are set correctly.

 

Default gateway should have no bearing if we are using SNAT.

 

IF:

 

1) Client can connect to virtual server

 

2) F5 can connect to back-end hosts.

 

We should only need correct SNAT, and we'll be happy.

 

Some caveats for condition 2:

 

Remember that when you telnet / curl from the LTM command line, it will ALWAYS use non-floating IP address to get to the back-ends.

 

When you use a client machine, and hit the virtual server with SNAT automap, it will ALWAYS try to use the floating ip address to it's internal VLAN (if assigned), and THEN non-floating.

 

ALL of the above are predicated on the premise that NONE of the traffic is trying to go / get to / from the management interface, in which case all bets are off and reality is guaranteed to get distorted.

 

DO NOT use the management IP / interface for anything besides management. It will not work... you will make yourself unhappy.

 

//Jan

 

Hi Yasir

 

You can try this command to see if your client ip is hitting snat and/or vip.

 

Tmsh show sys coonection | grep [client ip]

 

The snat ip wud generally be on 2nd column & vip be on 3rd or 4th column.

 

Let us know the result.

 

Mohamed_Fadhul
Nimbostratus
Nimbostratus

Hi all,

 

Is this issue still there?!

Am facing the same problem but am not able to find a solution for it.

 

Can anyone help please ?

TKThamira
Nimbostratus
Nimbostratus

Hi All,

 

You need to create a SNAT.

Local Traffic >> Address Translation >>SNAT List

 

Create new one with Translation Type 'Automap'

David_Anderson_
Nimbostratus
Nimbostratus

Hey Man, 

I am rookie with F5 as well, and experienced the same issue as you, in fact I had both, one with HTTP_VS and other with HHTPS_VS. 

The fist one I solved anabling "automap" in HHTP_VS

The second one I in the second I had forgotten to select a certificate in the SSL Profile (client) side

 

I hope you have already solved your problem, anyway, here's the tip for the next rookie.