SOLVED by using a SNAT pool instead of Automap. Still scratching my head at to why Automap failed. I was able to get a full packet capture on the external interface that showed the internal self IP as the source (my expectation was that the external self ip would be the source). That was obviously not going to work.I am still curious if you have any ideas why Automap failed to translate the source IP. Thank you,
_ _ _ _
Hello, I am setting up a virtual IP forwarding server in a lab environment so my servers can communicate to repos on the internet. So far, it has not been working.
Be able ping google dns or curl example.com. Traffic flow should be: request from the ubuntu server sent to default gateway (10.2.0.155, the floating ip of the big-ip), IP forward server recognized and acts as router (destination on forward server set to 0.0.0.0/0), SNAT automap to change src IP to external self ip on 192.168.168.0/24 subnet - basically a dmz (am i correct that snat changes source IP to the self-ip on the external vlan interface?), out firewall to destination.
http/ icmp requests outbound to the internet from the servers results in 100% packet loss. TCPdump on the internal interface shows the communications between the server and F5 but it seems like it gets lost right there and not forwarded, as if the virtual forwarding server is not found. Traceroute shows the same result-- stuck at the big-IP. Wireshark on the external network (192.168.168.0/24 subnet) shows no trace of the packets out (my query is for ip.addr == <self ip of the external interface on f5> (again, please let me know if I have made a wrong assumption here).
A few other notes:
Communication from the big-ip (pinging google dns from the CLI) is functional with no packet loss.
Inbound requests to single virtual server serve up the webpage as expected.
Any help or troubleshooting tips are much appreciated! Thanks,
UPDATE: statistics for the virtual server show 627 packets in and only 5 out.