Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

This is a related question when using Performance L4 as a forwarding IP.

Go to solution
hakeemkim
Altocumulus
Altocumulus

‎05-Dec-2022 23:19

hello Sir.
Thank you for your help.

hakeemkim_2-1670310611760.png

hakeemkim_3-1670310642556.png

[No Pool]

I know that when the [Address Translation ] option is [Disalbed], it works normally.

hakeemkim_4-1670310862745.png

 

I would like to know what Flow does not work when the Address Translation option is Enabled

Why reply admin-prohibited?

admin-prohibited is set when setting like a firewall
Isn't that a response phrase?

hakeemkim_5-1670310898534.png

 

 

hakeemkim_7-1670310960120.png

 

 

 

 

 

 

Labels:
0 Kudos
2 ACCEPTED SOLUTIONS

Go to solution
xuwen
MVP
MVP

‎06-Dec-2022 01:09

Address Translation, when checked (enabled), that the system translates the address of the virtual server. When cleared (disabled), specifies that the system uses the address without translation. This option is useful when the system is load balancing devices that have the same IP address. The default is enabled.

your VS not have a pool, when you enable Address Translation, the system can not translate the clientside dst ip to serverside pool member address

tcpdump packet find icmp type 3 code 9 official definition is "Destination network administratively prohibited"

View solution in original post

Go to solution
Nikoolayy1
MVP
MVP
In response to xuwen

‎06-Dec-2022 14:35

Also with TCP RST logs enabled I think in the LTM log it will be "No server selected" https://support.f5.com/csp/article/K13223.

View solution in original post

5 REPLIES 5

Go to solution
xuwen
MVP
MVP

‎06-Dec-2022 01:09

Address Translation, when checked (enabled), that the system translates the address of the virtual server. When cleared (disabled), specifies that the system uses the address without translation. This option is useful when the system is load balancing devices that have the same IP address. The default is enabled.

your VS not have a pool, when you enable Address Translation, the system can not translate the clientside dst ip to serverside pool member address

tcpdump packet find icmp type 3 code 9 official definition is "Destination network administratively prohibited"

Go to solution
Kai_Wilke
MVP
MVP
In response to xuwen

‎06-Dec-2022 03:07

Awesome response. Very precise analysis 😉

Cheers, Kai


iRule can do… 😉

Go to solution
Nikoolayy1
MVP
MVP
In response to xuwen

‎06-Dec-2022 14:35

Also with TCP RST logs enabled I think in the LTM log it will be "No server selected" https://support.f5.com/csp/article/K13223.

Go to solution
hakeemkim
Altocumulus
Altocumulus
In response to Nikoolayy1

‎06-Dec-2022 16:44

Thank you sir for all your replies.
This solution link helped me a lot.

0 Kudos

Go to solution
Mohamed_Ahmed_Kansoh
MVP
MVP

‎06-Dec-2022 01:28

hello @hakeemkim , 
Strange design for me ! 

> the Flow shouldn’t work with you when enabling (Address Translation) because you need to specify a "IP" address through F5 " I mean to create Virtual server with an ip address not wildcard/any address and in this case you should configure " 20.0.0.80 " as a pool member. 

> you can configure a Forwarding virtual server instead of Performance layer 4 , to be fit with your needs this is my opinion. 

> If you want to test only icmp packets , I have another idea to do it with performance layer 4 virtual sevrer 

1- you put an Ip address 

2- change " protocol profilr client " from ( FastL4 to anyip ) and update your changes. 
3- do not forget to assign "20.0.0.80" as a pool for this VS

4- Go to (Local traffic >>> virtual servers >>> virtual address list >>> choose the modified virtual server address from list )
5- Go down under Configuration , you will see " icmp echo  " equal "Always" change it to be "Disabled" and update. 

Ping traffic can be sent and recieved via F5 from client to node and returned back replay from node to client. 
> you can achieve it by standard virtual server " without http profile " and Fast layer 4 VS


> may I misses some points with your inquiry ,I replied bepending on my understanding ,  you can clarify more to be able to help more. 

Regards

_______________________
Regards
Mohamed Kansoh
Copyright © 2023 Khoros, LLC