Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Is InterVLAN Routing possible in F5

Go to solution
Nitesh
Cirrus
Cirrus

‎20-Aug-2021 12:57

 

From below topology i want to ping from TEST_PC to firewall interface IP(172.16.3.254). From same TEST_PC i can ping WEB_SERVER. I am not sure why ping to firewall is not working. I have ping policy associated with Firewall interface. Reverse routing is in place on firewall pointing towards HA IP(172.16.3.100). Is InterVLAN routing even possible in LB ?

0691T00000DyrFaQAJ.png 

 

Thanks

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Mike757
MVP
MVP
In response to Nitesh

‎21-Aug-2021 09:57

Instead of "destination 172.16.3.254:any" use "0.0.0.0/0:any". This creates a full router without filter on source or destination IPs. The kernel's routing table is used to forward traffic.

View solution in original post

5 REPLIES 5

Go to solution
Nitesh
Cirrus
Cirrus

‎20-Aug-2021 21:38

It started working after doing below config. But i couldn't ping to 172.16.1.x from 172.16.2.x. I tried changing destination ip to 0.0.0.0/0 or 172.16.0.0/16 but it didnt work.

 

ltm virtual Forwading_VS_MGMTPC {

   creation-time 2021-08-20:21:22:48

   destination 172.16.3.254:any

   ip-forward

   ip-protocol tcp

   last-modified-time 2021-08-21:10:00:37

   mask 255.255.255.255

   profiles {

       fastL4 { }

   }

   serverssl-use-sni disabled

   source 0.0.0.0/0

   source-address-translation {

       type automap

   }

   translate-address disabled

   translate-port disabled

   vs-index 6

}

 

0 Kudos

Go to solution
Nitesh
Cirrus
Cirrus

‎20-Aug-2021 21:41

Ho to configure Forwading VIP such as i can ping any IP addresses ? Futhermore i believe AutoMap doesn't play any role in Forwading VS. I tried packet capture and could see same source and dest ip. Source IP not getting translated.

0 Kudos

Go to solution
Mike757
MVP
MVP
In response to Nitesh

‎21-Aug-2021 09:57

Instead of "destination 172.16.3.254:any" use "0.0.0.0/0:any". This creates a full router without filter on source or destination IPs. The kernel's routing table is used to forward traffic.

Go to solution
CA_Valli
MVP
MVP
In response to Mike757

‎24-Aug-2021 03:29

This should work. F5 is a default-deny device meaning all traffic that does not match a Listener (Virtual Server in this case) or an active connection in table will be dropped.

 

To route packets, as Mike said, you will need to configure a VS with target network as your destination address. This can be anything, from a single IP 172.16.1.1:any to a network 172.16.0.0/16:any to 0.0.0.0/0:any that will match all traffic. If you want to filter which clients can talk with said network, you can modify "source" and "VLAN" options so that only clients whose traffic comes from a specific netowrk or on a specific VLAN will match the Routing VS.

 

AutoMap will NAT your Client IP with F5 self-ip address on the VLAN where traffic is routed. For non-connected networks you should specify routes in Network>Routes section. You can confirm which interface is used for egress with bash command "ip route get x.x.x.x"

Go to solution
Nitesh
Cirrus
Cirrus

‎06-Sep-2021 04:27 - last edited on ‎24-Mar-2022 02:12 by Fog

  Thankyou very much

0 Kudos
Copyright © 2023 Khoros, LLC