Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

How do I source an ICMP ping echo from virtual server IP?

John_K_375235
Nimbostratus
Nimbostratus

‎23-Oct-2018 11:19

I have a virtual server on an LTM with an IP of 10.5.42.115. It is communicating over an IP sec VPN tunnel to a customer in AWS. The VIP is the only host in the encryption domain (SA) on our side. AWS cannot initialize a VPN, they only respond. Therefore when the tunnel times out I have to send them a packet from 10.5.42.115 to bring the tunnel back up. I have a loopback on a switch behind my ASA (VPN endpoint) with 10.5.42.115 assigned to it in a down state. When the tunnel goes down I have to no shut the loopback and ping a server on their side to bring it back up. I then have to no shut the loopback so that the traffic actually gets to the F5. I have to imagine theres a way the F5 can resolve my problem. I am thinking an iRule.

 

TLDR: I need to send an ICMP echo ping from a virtual server IP address periodically to keep a VPN tunnel alive.

 

Labels:
0 Kudos
1 REPLY 1

rob_carr
Cirrostratus
Cirrostratus

‎23-Oct-2018 19:13

The ping utility doesn't seem to like virtual server addresses or floating self IP addresses when using the '-I' flag, so I don't think you can -directly- generate ICMP traffic from an F5 using a virtual server address.

 

I think you can create a forwarding virtual server, and apply a SNAT to the traffic handled by the virtual server, where the source translation address is the desired virtual server address. Then you just need something 'behind' the F5 to generate the ICMP traffic.

 

https://support.f5.com/csp/article/K7366

 

0 Kudos
Copyright © 2023 Khoros, LLC