Forum Discussion

igor_'s avatar
igor_
Icon for Cirrus rankCirrus
May 12, 2025
Solved

F5 ERR_CONNECTION_RESET

Hello,

We are trying to expose our backend application, which is behind a Windows IIS reverse proxy. Based on URL rewrite rules which look for host header and than route the call to the backend.

When trying to open the URL, from inside our network, from another server we get the requested page in firefox web browser.

When trying the same URL from F5 CLI, we also get the expected page.

But when trying from the Internet, we get ERR_CONNECTION_RESET from Chrome and Firefox.

What have we checked?

F5 is doing the TLS termination, and we have a valid certificate in place.

The node and pool are green.

SSL Profile (Server) < serverssl > is assigned because communication to the pool is HTTPS.

 

The call never reaches Windows IIS.

 

Is there anything else what we can check?

 

Thanks in advance,

Igor

application delivery
devops
  • Tofunmi's avatar
    Tofunmi
    May 12, 2025

    Did you take a packet capture? You should see the reason for the reset on the capture.

    tcpdump -nni 0.0:nnnp -s0 host X.X.X.X and port XXXX -w/var/tmp/capture.pcap

    Enabling these could help as well.

    1. Log in to the TMOS Shell (tmsh) by entering the following command:tmsh
    2. To configure the BIG-IP system to log the TCP RST cause in the /var/log/ltm file, you must enable the TM.RstCause.Log database variable by entering the following command:modify /sys db tm.rstcause.log value enable
    3. Optional: To configure the BIG-IP system to include the RST cause information in the TCP RST packet payload, you must enable the TM.RstCause.Pkt database variable by entering the following command:modify /sys db tm.rstcause.pkt value enable

    https://my.f5.com/manage/s/article/K13223

     

2 Replies

  • igor_'s avatar
    igor_
    Icon for Cirrus rankCirrus
    May 12, 2025

    Thanks, there was an error on the network side. After fixing the app was back online.

     

    BR,

    Igor

  • Tofunmi's avatar
    Tofunmi
    Icon for MVP rankMVP
    May 12, 2025

    Did you take a packet capture? You should see the reason for the reset on the capture.

    tcpdump -nni 0.0:nnnp -s0 host X.X.X.X and port XXXX -w/var/tmp/capture.pcap

    Enabling these could help as well.

    1. Log in to the TMOS Shell (tmsh) by entering the following command:tmsh
    2. To configure the BIG-IP system to log the TCP RST cause in the /var/log/ltm file, you must enable the TM.RstCause.Log database variable by entering the following command:modify /sys db tm.rstcause.log value enable
    3. Optional: To configure the BIG-IP system to include the RST cause information in the TCP RST packet payload, you must enable the TM.RstCause.Pkt database variable by entering the following command:modify /sys db tm.rstcause.pkt value enable

    https://my.f5.com/manage/s/article/K13223