Base BIG-IP Configuration ------------------------- In this lab, the VE has been configured with the basic system settings and the VLAN/self-IP configurations required for the BIG-IP to communicate and pass traffic on the network. We will now need to configure the BIG-IP to listen for traffic and pass it to the back-end server. 1. Launch the Chrome shortcut titled “BIG-IP UI” on the desktop of your lab jump server. For this lab you will be working on bigip1.dnstest.lab (http://192.168.1.100). The credentials for the BIG-IP are conveniently displayed in the login banner. Just in case: **admin / 401elliottW!** 2. Navigate to **Local Traffic** > **Nodes** and create a new node with the following settings, leaving unspecified fields at their default value: - Name: lab-server-10.10.0.50 - | Address: 10.10.0.50 | |image51| 3. Click **Finished** to add the new node. 4. Navigate to **Local Traffic** > **Pools** and create a new pool with the following settings, leaving unspecified attributes at their default value: - Name: lab-server-pool - Health Monitors: gateway_icmp - New Members: Node List - Address: lab-server-10.10.0.50 - Service Port: \* (All Services) - | Click **Add** to add the new member to the member list. | |image52| 5. Click **Finished** to create the new pool. 6. Because the attack server will be sending a huge amount of traffic, we’ll need a large SNAT pool. Navigate to **Local Traffic** > **Address Translation** > **SNAT Pool List** and create a new SNAT pool with the following attributes: - Name: inside_snat_pool - | Member List (click Add after each IP): | 10.10.0.125, 10.10.0.126, 10.10.0.127, 10.10.0.128, 10.10.0.129, 10.10.0.130 - | Click Finished | |image53| 7. Navigate to **Local Traffic** > **Virtual Servers** and create a new virtual server with the following settings, leaving unspecified fields at their default value: - Name: udp_dns_VS - Destination Address/Mask: 10.20.0.10 - Service Port: 53 (other) - Protocol: UDP - Source Address Translation: SNAT - SNAT Pool: inside_snat_pool - Default Pool: lab-server-pool 8. | Click Finished | |image54| 9. We’ll now test the new DNS virtual server. SSH into the attack host by clicking the “Attack Host (Ubuntu)” icon on the jump host desktop. 10. | Issue the ``dig @10.20.0.10 www.example.com +short`` command on the BASH CLI of the attack host. You should see output similar to: | |image55| | This verifies that DNS traffic is passing through the BIG-IP. 11. Return to the BIG-IP and navigate to **Local Traffic** > **Virtual Servers** and create a new virtual server with the following settings, leaving unspecified fields at their default value: - Name: other_protocols_VS - Destination Address/Mask: 10.20.0.10 - Service Port: \* (All Ports) - Protocol: \* All Protocols - Any IP Profile: ipother - Source Address Translation: SNAT - SNAT Pool: inside_snat_pool - Default Pool: lab-server-pool 12. | Click Finished | |image56| 13. Return to the Attack Host SSH session and attempt to SSH to the server using SSH 10.20.0.10. Simply verify that you are prompted for credentials and press CTRL+C to cancel the session. This verifies that non-DNS traffic is now flowing through the BIG-IP. .. |image51| image:: /_static/class1/image49.png :width: 3.94702in :height: 3.80739in .. |image52| image:: /_static/class1/image50.png :width: 4.75828in :height: 4.42937in .. |image53| image:: /_static/class1/image51.png :width: 4.72535in :height: 3.47384in .. |image54| image:: /_static/class1/image52.png :width: 3.80731in :height: 8.22517in .. |image55| image:: /_static/class1/image53.png :width: 6.16667in :height: 0.44444in .. |image56| image:: /_static/class1/image54.png :width: 4.73472in :height: 6.057in