cancel
Showing results for 
Search instead for 
Did you mean: 

Pinging SNAT Address

Brumik
Nimbostratus
Nimbostratus

I am running bigip VE edition 15.1.0.2 and configured a standard SNAT pool and attached to a virtual server.

 

ltm snat-translation /Common/192.168.20.6 {

  address 192.168.20.6

  inherited-traffic-group true

  traffic-group /Common/traffic-group-1

}

ltm snatpool /Common/VSERVER_TEST {

  members {

    /Common/192.168.20.6

  }

}

 

The webserver is up and running and the virtual server is available.

 

However from the webserver I cannot ping 192.168.20.6, but the ARP does resolve:

 

/ # arp -an

? (192.168.20.6) at 0c:6e:a5:be:62:03 [ether] on eth0

? (192.168.20.3) at 0c:6e:a5:be:62:03 [ether] on eth0

? (192.168.20.1) at 0c:6e:a5:be:62:03 [ether] on eth0

 

.1 and .3 are pingable.

 

According to this article https://support.f5.com/csp/article/K05703029 the SNAT is supposed to respond to ICMP, does anyone know if this is actually the case or has the behavior been changed between versions or is there any specific settings to enable this?

 

Thanks in advance.

 

 

 

 

 

2 REPLIES 2

SanjayP
MVP
MVP

Is there a firewall between server and F5? ICMP might be blocked there. If this isn't a case, run tcpdump on F5 and see if traffic reaches there. ​

Brumik
Nimbostratus
Nimbostratus

Hello Sanjay,

There is no firewall, the ping request arrives to the F5 but is not answered. Webserver is directly connected to the F5 via a switch.

Environment is in GNS3 but I dont think this makes a difference. I posted complete config below.

BR

Chris

ltm virtual /Common/http_vserver {

  creation-time 2020-08-18:09:05:39

  destination /Common/192.168.10.1:80

  ip-protocol tcp

  last-modified-time 2021-06-10:18:56:19

  mask 255.255.255.255

  pool /Common/http_pool

  profiles {

    /Common/fastL4 { }

    /Common/http { }

  }

  rules {

    /Common/gestamp

  }

  source-address-translation {

    pool /Common/test_vs

    type snat

  }

  translate-address enabled

  translate-port enabled

  vlans {

    /Common/external

  }

  vlans-enabled

}

 

ltm snat-translation /Common/192.168.20.6 {

  address 192.168.20.6

  inherited-traffic-group true

  traffic-group /Common/traffic-group-1

}

ltm snatpool /Common/test_vs {

  members {

    /Common/192.168.20.6

  }

}