Forum Discussion
Mike_Sullivan_2
Nimbostratus
You mentioned ssl offloading. That implies you are not re-encrypting on the backend (If you are encrypting the backend connection, you'll need a server side ssl profile). For offloading, your pool members ought to be setup for port 80 and the VIP needs to have Address Translation and Port Translation enabled.
If the pool members are not using the LTM as the default gateway, enable Source Address Translation Auto Map. Get a dump on the backend to see what's happening there.
Cheers, Mike
kash_49328
Dec 17, 2014Nimbostratus
You are right. No backend encryption, client profile is applied. Address translation, port translation and Automap is already enabled. I am pretty sure its F5 not the server because communication starts at 1700 GMT and first RST i see in the F5 logs ( after enabling the rstcause.log/rstcause.pkt ) is from VIP to client. I do see server's private IP sending RSTs but first its after VIP RSTs.
thanks for your reply