Forum Discussion
F5 VS PR_CONNECT_RESET_ERROR
- Jun 05, 2022
What do you mean by half-proxy? With F5 SNAT automap there shouldn't be any issue with the firewall being the default gateway, but for some reason you have translate-address disabled and translate-port disabled? Better read this https://support.f5.com/csp/article/K79443053 as, if you are talking about asymmetric routing https://support.f5.com/csp/article/K13558, then you will need to fix your TCP profiles.
About the RST: the first RST seems to be normal and matches https://support.f5.com/csp/article/K95191209 but the second ones, "TCP retransmit timeout" as described in https://support.f5.com/csp/article/K13223, seem to me to be caused by the server pool member, as F5 is sending the traffic to them without translating the destination IP address and port to the ones that the server has.
I really don't get what you are trying to do, as your setup is strange and it is like you are playing in a lab. It is like you are trying to do a layer 2/3 virtual server setup but without having your servers share the F5 VS IP address and F5 having the correct routing, or asymmetric routing if you plan for the return traffic to go directly to the client without F5, but just using SNAT automap and enabling address and port translation https://support.f5.com/csp/article/K8082 should be enough by reading the description of the issue.
- alex_a, Jun 06, 2022, Nimbostratus
Thank you very much for the reply. This helped a lot.
I am trying to set up a Layer 7 HTTP VS purely for load balancing purposes.
I do not want to use the F5 as a full-proxy. I don't want to create a L4 VS as I want to be able to terminate SSL on the F5.
That was what I was missing: the address and port translation.
- Nikoolayy1, Jun 06, 2022, MVP
Perfect, as mentioned the first reset was probably the health monitor and the second one was because you did not use address translation and F5 couldn't make the server selection based on pool and routing, and this is why it seemed like F5 is sending TCP RST to itself. You can configure the same IP addresses on the servers as the F5 VIP wildcards using the servers' loopback, but this is if you decide to play around after some time after you have returned to the F5's world 😀
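An added example, not part of the thread and not F5 code: a Python check that reads `tmsh list ltm virtual` style output and flags virtual servers that reference a pool while translate-address or translate-port is disabled, the misconfiguration resolved above. The sample configuration, object names and addresses are constructed for illustration.

```python
import re

# Constructed sample in `tmsh list ltm virtual` style; names and addresses are made up.
SAMPLE = """\
ltm virtual vs_app_broken {
    destination 10.0.0.10:https
    pool pool_app
    profiles {
        clientssl { context clientside }
    }
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port disabled
}
ltm virtual vs_app_fixed {
    destination 10.0.0.11:https
    pool pool_app
    translate-address enabled
    translate-port enabled
}
"""

def parse_virtuals(text):
    """Return {name: {top-level key: value}} for each 'ltm virtual' stanza."""
    virtuals, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"ltm virtual (\S+) \{$", line)
        if depth == 0 and m:
            current = virtuals.setdefault(m.group(1), {})
        elif depth == 1 and current is not None and "{" not in line and " " in line:
            key, value = line.split(None, 1)  # only top-level "key value" pairs
            current[key] = value
        depth += line.count("{") - line.count("}")
        if depth == 0:
            current = None  # stanza closed
    return virtuals

def audit(text):
    """Flag virtual servers that have a pool but leave destination translation off."""
    findings = {}
    for name, cfg in parse_virtuals(text).items():
        off = [k for k in ("translate-address", "translate-port")
               if cfg.get(k) == "disabled"]
        if "pool" in cfg and off:
            findings[name] = off
    return findings
```

Calling `audit()` on saved configuration output returns a dictionary mapping each affected virtual server to the translation settings that are disabled.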