Forum Discussion

hakeemkim's avatar
hakeemkim
Icon for Altocumulus rankAltocumulus
Dec 06, 2022
Solved

This is a related question when using Performance L4 as a forwarding IP.

hello Sir.
Thank you for your help.

[No Pool]

I know that when the [Address Translation ] option is [Disalbed], it works normally.

 

I would like to know what Flow does not work when the Address Translation option is Enabled

Why reply admin-prohibited?

admin-prohibited is set when setting like a firewall
Isn't that a response phrase?

 

 

 

 

 

 

 

 

  • Address Translation, when checked (enabled), that the system translates the address of the virtual server. When cleared (disabled), specifies that the system uses the address without translation. This option is useful when the system is load balancing devices that have the same IP address. The default is enabled.

    your VS not have a pool, when you enable Address Translation, the system can not translate the clientside dst ip to serverside pool member address

    tcpdump packet find icmp type 3 code 9 official definition is "Destination network administratively prohibited"

5 Replies

  • xuwen's avatar
    xuwen
    Icon for Cumulonimbus rankCumulonimbus

    Address Translation, when checked (enabled), that the system translates the address of the virtual server. When cleared (disabled), specifies that the system uses the address without translation. This option is useful when the system is load balancing devices that have the same IP address. The default is enabled.

    your VS not have a pool, when you enable Address Translation, the system can not translate the clientside dst ip to serverside pool member address

    tcpdump packet find icmp type 3 code 9 official definition is "Destination network administratively prohibited"

  • hello hakeemkim , 
    Strange design for me ! 

    > the Flow shouldn’t work with you when enabling (Address Translation) because you need to specify a "IP" address through F5 " I mean to create Virtual server with an ip address not wildcard/any address and in this case you should configure " 20.0.0.80 " as a pool member. 

    > you can configure a Forwarding virtual server instead of Performance layer 4 , to be fit with your needs this is my opinion. 

    > If you want to test only icmp packets , I have another idea to do it with performance layer 4 virtual sevrer 

    1- you put an Ip address 

    2- change " protocol profilr client " from ( FastL4 to anyip ) and update your changes. 
    3- do not forget to assign "20.0.0.80" as a pool for this VS

    4- Go to (Local traffic >>> virtual servers >>> virtual address list >>> choose the modified virtual server address from list )
    5- Go down under Configuration , you will see " icmp echo  " equal "Always" change it to be "Disabled" and update. 

    Ping traffic can be sent and recieved via F5 from client to node and returned back replay from node to client. 
    > you can achieve it by standard virtual server " without http profile " and Fast layer 4 VS


    > may I misses some points with your inquiry ,I replied bepending on my understanding ,  you can clarify more to be able to help more. 

    Regards