Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Can't access virtual server IP from browser , however I can ping and telnet on port 80

Go to solution
Yasir_Irfan_194
Nimbostratus
Nimbostratus

‎12-Apr-2017 04:11

Hi All,

 

I am new to f5, I am watching CBT nuggets ( Kieth) and build a topology using f5 VM. I have created 3 nodes with an IP 10.2.0.128,10.2.0.129 & 10.2.0.130(internal network) and mapped them to virtual server IP 192.168.1.177 (external network)for http service. From external network pc I can ping the VIP 192.168.1.177 and can telnet the same on port 80. However I cannot access it by browser. I could see the packets are received but there is no return traffic logs.

 

Also I have created a custom http monitor with following parameters GET /\r\n\r\n. All the nodes are up , pools are up. Can any one shed why this issue is persisting in the lab.

 

Cheers

 

Yasir

 

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
IainThomson85_1
Cumulonimbus
Cumulonimbus

‎12-Apr-2017 04:13

Usually SNAT related,

 

Use a SNATPool or Snat Automap....

 

View solution in original post

11 REPLIES 11

Go to solution
IainThomson85_1
Cumulonimbus
Cumulonimbus

‎12-Apr-2017 04:13

Usually SNAT related,

 

Use a SNATPool or Snat Automap....

 

Go to solution
ahmed_bouja_303
Nimbostratus
Nimbostratus

‎19-Apr-2017 13:08

Hi,

 

We have issuing the same issue. And the SNAT is configured to Automap. Can anyone meet this problem and is there any solution for that ?

 

0 Kudos

Go to solution
janholtz
Altostratus
Altostratus

‎19-Apr-2017 15:01

Remove monitor Shell into the F5. Run: tcpdump -s0 -X -nnni 0.0 host 10.2.0.128 or host 10.2.0.129 or host 10.2.0.130

 

Test connection.

 

What do you see?

 

BR Jan

 

0 Kudos

Go to solution
ahmed_bouja_303
Nimbostratus
Nimbostratus

‎19-Apr-2017 15:12

Hi Jan,

 

Thanks a lot for response.

 

Our issue is related only to the Virtual Server IP address: we can ping it and can telnet the same on port 80. However we cannot access it by browser.

 

For the Pool Servers, we don't have any issues. We can telnet them on port 80 and access them by browser. By we can't access the VIP by browser. I think the LTM feature is not functioning despite all the configuration is OK

 

Regards, Ahmed

 

0 Kudos

Go to solution
janholtz
Altostratus
Altostratus

‎19-Apr-2017 17:10

OK, hang on. You say you can telnet? So if you telnet to the virtual server:

 

telnet 10.10.10.10 80 GET / HTTP/1.1 HOST:127.0.0.1 CONNECTION:close

Get you what response?

 

0 Kudos

Go to solution
sasi60_360261
Nimbostratus
Nimbostratus

‎04-May-2018 16:21

hi Yasir, i would like to remind you to check the default gateway on your web servers. make sure those are set correctly.

 

0 Kudos

Go to solution
janholtz
Altostratus
Altostratus
In response to sasi60_360261

‎10-May-2018 17:35

Default gateway should have no bearing if we are using SNAT.

 

IF:

 

1) Client can connect to virtual server

 

2) F5 can connect to back-end hosts.

 

We should only need correct SNAT, and we'll be happy.

 

Some caveats for condition 2:

 

Remember that when you telnet / curl from the LTM command line, it will ALWAYS use non-floating IP address to get to the back-ends.

 

When you use a client machine, and hit the virtual server with SNAT automap, it will ALWAYS try to use the floating ip address to it's internal VLAN (if assigned), and THEN non-floating.

 

ALL of the above are predicated on the premise that NONE of the traffic is trying to go / get to / from the management interface, in which case all bets are off and reality is guaranteed to get distorted.

 

DO NOT use the management IP / interface for anything besides management. It will not work... you will make yourself unhappy.

 

//Jan

 

Go to solution
Andy_304337
Cirrus
Cirrus
In response to sasi60_360261

‎11-Nov-2018 10:12

Hi Yasir

 

You can try this command to see if your client ip is hitting snat and/or vip.

 

Tmsh show sys coonection | grep [client ip]

 

The snat ip wud generally be on 2nd column & vip be on 3rd or 4th column.

 

Let us know the result.

 

0 Kudos

Go to solution
Mohamed_Fadhul
Nimbostratus
Nimbostratus

‎13-May-2021 23:50

Hi all,

 

Is this issue still there?!

Am facing the same problem but am not able to find a solution for it.

 

Can anyone help please ?

0 Kudos

Go to solution
TKThamira
Nimbostratus
Nimbostratus

‎26-Jun-2021 05:21

Hi All,

 

You need to create a SNAT.

Local Traffic >> Address Translation >>SNAT List

 

Create new one with Translation Type 'Automap'

Go to solution
David_Anderson_
Nimbostratus
Nimbostratus

‎10-Feb-2022 10:50

Hey Man, 

I am rookie with F5 as well, and experienced the same issue as you, in fact I had both, one with HTTP_VS and other with HHTPS_VS. 

The fist one I solved anabling "automap" in HHTP_VS

The second one I in the second I had forgotten to select a certificate in the SSL Profile (client) side

 

I hope you have already solved your problem, anyway, here's the tip for the next rookie. 

0 Kudos
Copyright © 2023 Khoros, LLC