Forum Discussion

kash_49328's avatar
kash_49328
Icon for Nimbostratus rankNimbostratus
Dec 16, 2014

Big IP LTM sending tcp Resets due to SSL handshake time out ?

Hi F5 gurus, We have a https file transfer going on a daily basis and we are experiencing a big problem here. Client is a java program and server is behind the F5. We are offloading ssl on F5 so we...
application delivery
cisco
LTM
management
performance
TMSH
Mike_Sullivan_2's avatar
Mike_Sullivan_2
Icon for Nimbostratus rankNimbostratus

You mentioned ssl offloading. That implies you are not re-encrypting on the backend (If you are encrypting the backend connection, you'll need a server side ssl profile). For offloading, your pool members ought to be setup for port 80 and the VIP needs to have Address Translation and Port Translation enabled.

 

If the pool members are not using the LTM as the default gateway, enable Source Address Translation Auto Map. Get a dump on the backend to see what's happening there.

 

Cheers, Mike

 

kash_49328's avatar
kash_49328
Icon for Nimbostratus rankNimbostratus
Dec 17, 2014
You are right. No backend encryption, client profile is applied. Address translation, port translation and Automap is already enabled. I am pretty sure its F5 not the server because communication starts at 1700 GMT and first RST i see in the F5 logs ( after enabling the rstcause.log/rstcause.pkt ) is from VIP to client. I do see server's private IP sending RSTs but first its after VIP RSTs. thanks for your reply