Forum Discussion

AK_1947's avatar
AK_1947
Icon for Nimbostratus rankNimbostratus
Jan 23, 2023
Solved

Public IP address display

Hello guys,

I have question about one situation.
I actually for own partner, they use tool (url) to display the public IP address.

They got two F5 ASM, for one, everything is OK the public Ip is displayed. The second one, we got the self-IP address. We already check the configuration and all.

Any idea to try to fix it ?

Version Appliance : 14.1.5.6

  • Hi AK_1947 , 
    It’s a strange thing , because you can’t see the Self/floating ip addresses instead of the public or original source ip of the client. 
    The only way to see that if you have TWO f5 in one path or behind each other Like the below snap-shot : 

    I think there is a misconfiguration in network design , because the above snap shot is the only possibility to see the self/floating sends traffic if you use the ( SNAT ->> auto map ) option in the first F5-ASM1 Appliance. 

    So check it again , no further configuration to do from F5 side , the only thing is to check and review your network design configuration and traffic flow paths. 

  • Hi AK_1947 - did Mohamed_Ahmed_Kansoh or Paulius's replies help you out, or are you still struggling? If one of their replies helped solve your issue, please click "Accept as Solution" so other users with the same issue can find the answer in the future. 🙂

9 Replies

  • AK_1947 Is this public IP a NAT on a firewall that is translating the self-IP to a public IP? I'm unsure what public IP you are referring to or the tool that you are using to gather this information. If you can provide some additional information we should be able to assist you further.

    • AK_1947's avatar
      AK_1947
      Icon for Nimbostratus rankNimbostratus

      In fact to try to give more details and clarifications on the case, I resume.
      We have an architecture with two F5 ASM appliances, to facilitate the work of our partner and collaborator, we have deployed a web application to have the public address from home.
      This link is often sent to partners to retrieve this information. It is to authorize them to give them access to certain application that we put at their disposal.

      This is where we find ourselves in this case, without really knowing what is wrong. Knowing as said, that we have the same configuration with the second F5 ASM of the other site. If we switch the flow on the latter everything works. Example my public ip will show normally.

      We use automap on both on LTM VS configuration.

      Below both screen about the case

  • Hi AK_1947

    If this available with you , can you share the design of your network , also can you clarify if both of F5 ASM appliances dependant to each other in one flow traffic pass for traffic or independantly separted and each one work alone. 
    so I need more clarification. 

    If one of your F5 appliances behind the other and you enable SNAT automap , of course you will see the user public real ip in the first F5 and by SNAT with Automap you will see the traffic sourced by first F5 self ip to the second F5 appliance which i suspect that it’s behind it.

    Aslo , What I understood from you that Public ip for the Client " in home or via internet " appears as a public ip/original ip via one of devices and the other display a private or self ip instead of public one.


    • AK_1947's avatar
      AK_1947
      Icon for Nimbostratus rankNimbostratus

      Let's try to explain it.
      We got a cluster in active/passive mode , active member the self-Ip address is display. When the second one is active and the first is passive mode, all is Ok. We got the right information (the public ip address) when we try to access on the link.

      Both are behind the Firewall, we use NAT rule, we got the same configuration. The only change is, the first one, we flow in dedicated WAN line. But that would not be the cause I think so.

      Apologize for my English, I do my best. If the context isn't clear, I will add more to make it clear.

      Thank you for you help

      • Hi AK_1947 , 
        Is IP : 10.135.0.53 the self ip address that you mean it appears to you instead public ip address  ? 

        Also , Do you mean that Public IP of user should be appear instead of self ip address ? 

        Also , Do you monitor this behavior by ASM Event logs or explain how does the tool (url) work ? 

        I will follow up your request after clarifying more.

  • Hi AK_1947 - did Mohamed_Ahmed_Kansoh or Paulius's replies help you out, or are you still struggling? If one of their replies helped solve your issue, please click "Accept as Solution" so other users with the same issue can find the answer in the future. 🙂