Forum Discussion
kash_49328
Dec 16, 2014Nimbostratus
Big IP LTM sending tcp Resets due to SSL handshake time out ?
Hi F5 gurus,
We have a https file transfer going on a daily basis and we are experiencing a big problem here.
Client is a java program and server is behind the F5. We are offloading ssl on F5 so we...
Mike_Sullivan_2
Nimbostratus
You mentioned ssl offloading. That implies you are not re-encrypting on the backend (If you are encrypting the backend connection, you'll need a server side ssl profile). For offloading, your pool members ought to be setup for port 80 and the VIP needs to have Address Translation and Port Translation enabled.
If the pool members are not using the LTM as the default gateway, enable Source Address Translation Auto Map. Get a dump on the backend to see what's happening there.
Cheers, Mike
kash_49328
Dec 17, 2014Nimbostratus
You are right. No backend encryption, client profile is applied. Address translation, port translation and Automap is already enabled. I am pretty sure its F5 not the server because communication starts at 1700 GMT and first RST i see in the F5 logs ( after enabling the rstcause.log/rstcause.pkt ) is from VIP to client. I do see server's private IP sending RSTs but first its after VIP RSTs.
thanks for your reply
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects