Forum Discussion

kazeem_yusuf1's avatar
kazeem_yusuf1
Icon for Nimbostratus rankNimbostratus
Feb 08, 2017

CAN A PROXY ON A LAN INTERFERE WITH LOCAL LAN TRAFFIC TO A VIRTUAL SERVER?

Can a Proxy configured on the LAN affect traffic from internal users to a Virtual Server?

 

I configured a Virtual Server and allowed firewall access to it. Interestingly, outside users can access the url, and get redirected to the page i requested for,based on the irule configured, but internal users have been unable to access the url.

 

Let's say my url is https://myit.networkershome.com, and my external users can access the website, but internal users can't access the website. However, if i input the actual private ip of the VS on the browser, they can get access to the webpage.

 

I have engaged our Windows team to check for DNS records, however, some argue that it may be due to the proxy configured on our LAN.

 

Who has experienced,such an issue before, and what is the solution

 

apache proxy
application delivery
BIG-IP
client ssl profile
LTM
proxy

1 Reply

Sort By
  • Kai_Wilke's avatar
    Kai_Wilke
    Icon for MVP rankMVP
    Feb 08, 2017

    Hi Kazeem,

     

    basically you have to check the entire service chain between your client and the pool servers.

     

    Check if the client does forward the request to your proxy? It could be that a PROXY.PAC file has excluded the URL so that the client tries a direct connection to your site.

     

    If the client does send the request to your proxy, then report the error message the proxy is responding. It contains most likely additional information (e.g. DNS errors, Network timeouts, etc.) why the connection can't be established.

     

    If this doesn't help, then you have to access the proxy servers and troubleshoot the connection between the individual proxys and your VIP. Either open a browser on those server or use telnet to probe if the destination IP:Port is reachable (connection can be established). If this fails, then consult the firewall logsfiles and/or review your routing infrastructure for possible asymetric routings.

     

    If the proxy can establish a connection to your VIP but it can't receive a valid response, then check if asymetric routings exist on the way back from the pool members to the proxy servers. Could be a SNAT problem somehow...

     

    Cheers, Kai