Forum Discussion
kash_49328
Nimbostratus
NimbostratusBig IP LTM sending tcp Resets due to SSL handshake time out ?
Hi F5 gurus,
We have a https file transfer going on a daily basis and we are experiencing a big problem here.
Client is a java program and server is behind the F5. We are offloading ssl on F5 so we...
Mike_Sullivan_2Nimbostratus
NimbostratusYou mentioned ssl offloading. That implies you are not re-encrypting on the backend (If you are encrypting the backend connection, you'll need a server side ssl profile). For offloading, your pool members ought to be setup for port 80 and the VIP needs to have Address Translation and Port Translation enabled.
If the pool members are not using the LTM as the default gateway, enable Source Address Translation Auto Map. Get a dump on the backend to see what's happening there.
Cheers, Mike
kash_49328You are right. No backend encryption, client profile is applied. Address translation, port translation and Automap is already enabled. I am pretty sure its F5 not the server because communication starts at 1700 GMT and first RST i see in the F5 logs ( after enabling the rstcause.log/rstcause.pkt ) is from VIP to client. I do see server's private IP sending RSTs but first its after VIP RSTs. thanks for your reply- kash_49328Also this VIP works well with other clients. This is only for particular one client.
