phellyer_352897
Feb 24, 2018

How Does The F5 Handle Traffic Originating From A Service to Clients.

Hi, I am new to F5 and I just had a quick question,

 

I have an F5; it is running a VS for a RADIUS server on port 1812. I can ping the VIP from any client and the pool is all green and it responds OK, so I'm guessing everything is on with comms. My question is: this RADIUS server will need to proxy requests to other servers beyond my F5, but when I ping from my server to a RADIUS server that I need to communicate with, does the F5 block this packet, as I don't see anything on the firewall?

 

so traffic flow is new traffic request from My Radius Server--->F5--->Firewall--->Customer Radius Server

 

  • Joko_Yuliantor3
    Historic F5 Account

    Hi,

     

    I assume that your F5 device has 2 VLANs, the external VLAN where the RADIUS message comes in and the internal VLAN where your RADIUS server is located.

     

    You need to create a VS listening to the internal VLAN of your RADIUS server so your F5 device will pick up the traffic from your RADIUS server. The VS could be the IP Forward type enabled on internal VLAN with destination address 0.0.0.0/0 or the customer RADIUS server's IP address if you want a specific setting.

     

    Good luck!

     

    • phellyer_352897

      OK, I have it working; I reverse engineered another partition.

       

      I had to create an iRule to SNAT. I take it all this does is listen to anything coming in from DNS-RES-Int and SNAT out to the iRule.

       

      ltm virtual Outbound_Selective_NAT {
          destination 0.0.0.0:any
          ip-forward
          mask any
          partition DNS-RES
          profiles {
              /Common/fastL4 { }
          }
          rules {
              Selective_Outbound_NAT-v4.4
          }
          source 0.0.0.0/0
          translate-address disabled
          translate-port disabled
          vlans {
              DNS-RES-Int
          }
          vlans-enabled
          vs-index 31
      }
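
The narrower option mentioned in the answer above (destination set to the customer RADIUS server instead of 0.0.0.0/0), as an added example that is not part of the original thread. The virtual server name and both IP addresses are constructed placeholders; the partition, VLAN, profile and iRule names are carried over from the configuration posted above.

```tmsh
# Added example: forwarding virtual scoped to a single RADIUS peer.
# Placeholders (assumptions, replace with real values):
#   198.51.100.5 = your own RADIUS server on the internal VLAN
#   192.0.2.10   = the customer RADIUS server beyond the firewall
ltm virtual Outbound_RADIUS_Proxy {
    # Only RADIUS authentication traffic to one peer is forwarded,
    # instead of every destination and port (0.0.0.0:any).
    destination 192.0.2.10:1812
    ip-forward
    ip-protocol udp
    mask 255.255.255.255
    partition DNS-RES
    profiles {
        /Common/fastL4 { }
    }
    rules {
        Selective_Outbound_NAT-v4.4
    }
    # Only the RADIUS server itself may use this path.
    source 198.51.100.5/32
    translate-address disabled
    translate-port disabled
    # Listen only on the internal VLAN the RADIUS server sits on.
    vlans {
        DNS-RES-Int
    }
    vlans-enabled
}
```

With this in place of the 0.0.0.0:any forwarder, other hosts or ports on DNS-RES-Int are not forwarded by this virtual server, and the firewall rule upstream can be matched to the same source, destination and port.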