DS-Lite
CGNAT with DS-lite and LSN
Hey, so we have set up DS-Lite with CGNAT according to this in our lab: https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/cgn-implementations-11-5-0/14.html

Running version 17.1.1.1.

Interface setup:
    ipv4.selfip 192.168.245.245/24 (external if, ipv4.vlan)
    ipv6_INET-selfip 2001:2040:c000:1:f5f5:f5f5:f5f5:f5f5/64 (client facing, ip6_INET.vlan)
    ds.selfip 192.0.0.1/24 (ds-tunnel)

CGNAT VS created according to the above tech doc.

LSN pool created with:
    NAPT
    Persistence: Address Port
    Persistence Timeout: 30 (for testing)
    Inbound Connections: Automatic
    ICMP Echo: enabled
    Egress interfaces: ipv4.vlan
    Members list: 172.16.0.4/30

DS-tunnel created with:
    Profile: dslite
    Local Address: same as ipv6_INET-selfip
    Remote Address: Any

The NAT process works fine, the traffic comes in and gets NATed to the pool (i.e. 172.16.0.4). The traffic also reaches the target, in this case 192.168.245.240. This endpoint in turn has a return route for traffic back to the F5 for the 172.16.0.4/30 network. So it responds to the traffic, however here is where we hit the curb. The F5 simply resets the traffic once receiving the SYN-ACK, "internal error sending packet to peer". So it's like it has forgotten the fact that it did the NAT. However, when verifying with "tmsh show sys connection all-properties" we can see both the IPv6 and IPv4 connections.

Does anyone have any tips and tricks for this? Are we missing something?

/Ted