F5 BIG IP and wmware workstation

farid95 · ‎24-Jul-2022

I just started the F5 course. My lab seems to me to be architected like that of the TP. I run it from a VMware Workstation 16. Everything is OK, except the possibility to attack the "external" paw 10.10.10.0/24 from my client machine.
A ping of ip self 10.10.10.200 with the port lockdown allow default option from the PC_Client is failed. A ping of 10.10.10.1 from the PC_Client responds.

The "external" network is connected to my vmnet13 which also connects my Client and the "1.2" interface via the external vlan of the F5-BigIP.

It is therefore impossible for me to perform the access test in HTTP and HTTPS to my VS 10.10.10.10 which does not respond.
If anyone has a lead, I thank them in advance.

Kind regards

LiefZimmerman · ‎26-Jul-2022

@farid95 - if you have not been able to resolve this yet let me know and I will see if I can get an expert to take a look.

farid95 · ‎26-Jul-2022

I couldn't find a solotion
here is my LAB

network:
vmnet13 host only 10.10.10.0/24
vmnet12 host only 172.16.10.0/24

Network adaptater 2: vmnet12
Network adaptater 3: vmnet13

Internal VLAN: Interface 1.1
External VLAN: 1.2 interface

Self IP : 172.16.10.200 , vlan internal
self IP: 10.10.10.200, vlan external , port lockdown default allow

Ping NOK from my physical machine to 10.10.10.200

VS: 10.10.10.10:80 with http profile
the VS is not reachable from my physical machine

do you have a solution?

buulam · ‎26-Jul-2022

Hi @farid95 have you tried setting vmnet13 to Bridged and testing?

~~~~~~~~~~~~~~~~~~
@buulam / YouTube.com/DevCentral

farid95 · ‎27-Jul-2022

I set vmnet 13 to bridged but I still have the same problem

buulam · ‎27-Jul-2022

I think I'm a bit confused. Just to clarify: Your local VMware Workstation host can ping into the self IP and VIPs of the 10.10.10.0/24 network?

It's just PC_Client within the lab that you've setup that can't reach the VIPs hosted on the BIG-IP within the 10.10.10.0/24 subnet? Can it reach the self IP?

~~~~~~~~~~~~~~~~~~
@buulam / YouTube.com/DevCentral

farid95 · ‎27-Jul-2022

my physical machine on which I installed vmware workstation cannot join ip self and VS

on the other hand the management address is reachable

buulam · ‎27-Jul-2022

Ok. I think it may be that your host doesn't have an IP on the 10.10.10.0/24 subnet? VMware Workstation would have installed some VMnet adapters on your local machine and you can assign it an IP address within that subnet so it can communicate via that

~~~~~~~~~~~~~~~~~~
@buulam / YouTube.com/DevCentral

farid95 · ‎27-Jul-2022

precisely vmware created the network 10.10.10.0/24 on my machine

Carte Ethernet VMware Network Adapter VMnet13 :

Suffixe DNS propre à la connexion. . . :
Adresse IPv6 de liaison locale. . . . .: fe80::bce3:aace:8d40:8ea3%31
Adresse IPv4. . . . . . . . . . . . . .: 10.10.10.1
Masque de sous-réseau. . . . . . . . . : 255.255.255.0
Passerelle par défaut. . . . . . . . . :

buulam · ‎27-Jul-2022

I see... have you tried the other network binding methods, bridge, NAT in addition to host-only? And your PC_Client is onto attached to VMnet 13, can it reach the self IP's and VS's?

~~~~~~~~~~~~~~~~~~
@buulam / YouTube.com/DevCentral

farid95 · ‎27-Jul-2022

yes I have already tried but still the same problem

farid95 · ‎27-Jul-2022

Summary of my LAB :

The Networks I created on vmware workstation

Vmnet 11: 192.168.10.0/24, host only

VMnet 13 : 10.10.10.0/24 , host only

Machine F5 sitting :

Network adaptater ----> custom vmnet11

Network adaptater 3 ----> custom vmnet13

External VLAN: interface 1.2, vlan untagged
IP self : 10.10.10.200 , vlan external

ping OK from my pysic machine to management ip 192.168.10.200
ping NOK from my pysic machine to ip self 10.10.10.200 ( allow default , allow all)

buulam · ‎28-Jul-2022

Have you checked the MAC addressing to line up interface 1.2 with vmnet 13? Anything else different you can spot between vmnet 11?

You could go as far as trying to swap them around and re-assigning IP's for troubleshooting purposes as well

~~~~~~~~~~~~~~~~~~
@buulam / YouTube.com/DevCentral

Jonathancert · ‎28-Jul-2022

I want to make sure i understand your problem. I believe you want to connect to your VS in VMware form your physical machine and not through a virtual client within VMware. I've been working on a VMware lab also. I have two LTM in active/standby and one GTM. I am able to ping my VS from mt physical machine and even connect to the VS via a browser. Is it possible your PC firewall could be blocking things. Is this what you are trying to do (see below).

kjl0000@(dscclab-ltm1)(cfg-sync Disconnected)(Active)(/Common)(tmos)# sho ltm virtual

------------------------------------------------------------------
Ltm::Virtual Server: cbt_nuggets_vs
------------------------------------------------------------------
Status
Availability : available
State : enabled
Reason : The virtual server is available
CMP : enabled
CMP Mode : all-cpus
Destination : 192.168.157.50:80

C:\Users\Jonathan>ping 192.168.157.50

Pinging 192.168.157.50 with 32 bytes of data:
Reply from 192.168.157.50: bytes=32 time=1ms TTL=255
Reply from 192.168.157.50: bytes=32 time=1ms TTL=255
Reply from 192.168.157.50: bytes=32 time=1ms TTL=255
Reply from 192.168.157.50: bytes=32 time=1ms TTL=255