tranchungdt5_93
Jul 15, 2009 Nimbostratus
Can't ping from Internal VLAN to Internet?
Hi all.
I have a BIG-IP LTM box (licensed for both LTM and Link Controller).
I have 2 ADSL lines, as follows:
   ----------------        ------------------
   - 203.162.0.1  -        -  210.245.0.1   -
   ----------------        ------------------
          |                        |
          |                        |
          |                        |
---------------------------------------------------
-    203.162.0.4               210.245.0.4        -
-                    F5 LTM                       -
-                  172.16.1.1                     -
---------------------------------------------------
                       |
                    ASA 5550
                       |
                       |
                    Clients
---------------------------------------------------
This diagram needs to do the following:
1. Link Controller helps me with domain names for the applications: mail, web, vpn.
2. Site-to-site VPN from the Internet (Cisco router) to the ASA (Vir 203.162.0.7; Vir 210.245.0.7).
3. SSL VPN and IPsec VPN from the Internet to the ASA (Vir 203.162.0.7).
4. Load balancing for the HTTP and SMTP protocols to the DMZ servers (Vir 203.162.0.5, 2; Vir 210.245.0.5).
5. Clients from the internal VLAN can go to the Internet via the 2 ADSL lines.
And IP forwarding for the ASA outbound, with SNAT. SNAT makes the BIG-IP choose the correct gateway to go out. SNAT is enabled on the internal VLAN.
The default gateway of the BIG-IP is a pool (203.162.0.1; 210.245.0.1).
And these are the values of the variables.
Box: F5LTM 3400-01

Parameter: Value

VLANs:
• ExtLeaseline1
• ExtLeaseline2
• Internal

Self IPs:
• ExtLeaseline1: 203.162.0.2/28, Floating IP: 203.162.0.1
• ExtLeaseline2: 210.245.0.2/28, Floating IP: 210.245.0.1
• Internal: 172.30.1.4/24, Floating IP: 172.30.1.3

A default gateway pool:
• Pool with members: 203.162.0.1; 210.245.0.1

Links:
• Primary: 203.162.0.1
• Secondary: 210.245.0.1

Outbound SNAT:
• Snat_ Automap with InternetVlan

Pool:
• Pool_Web Member: 172.30.1.6 (172.30.1.6 is the NAT IP address of the ASA for the Web server)
• Pool_Mail Member: 172.30.1.7 (172.30.1.7 is the NAT IP address of the ASA for the Mail server)
• Pool_VPN Member: 172.30.1.1
• Pool_Router Member: 203.162.0.4; 210.245.0.4

Virtual Servers:
• VS_Web1: 203.162.0.5 (80) Pool: Pool_Web
• VS_Web2: 210.245.0.5 (80) Pool: Pool_Web
• VS_Mail: 203.162.0.6 (*) Pool: Pool_Mail
• VS_VPN: 203.162.0.7 (*) Pool: Pool_VPN

Listeners:
• ListernerOutbound1: 203.162.0.1
• ListernerOutbound2: 210.245.0.1

Wide IPs:
• www.baoviet.com.vn
   o Member: VS_Web1, VS_Web2.
• mail.baoviet.com.vn
   o Member: VS_Mail.
• vpn.baoviet.com.vn
   o Member: VS_VPN.

Outbound VS:
• VS_Outbound: 0.0.0.0
   o IP Forwarding
   o Lasthop Pool: Pool_Outbound

Could you tell me whether this config is correct for the F5 box?
When I configured this, I checked it and it was OK. But clients from Internal, or the ASA, can't ping the Internet (they can still telnet or access the Web...). I checked the SOL9616 solution from AskF5 and upgraded my box to ver 9.4.7, but it still can't ping the Internet.
Could you help me, please?
Thanks & Regards