Forum Discussion

alex_a's avatar
alex_a
Icon for Nimbostratus rankNimbostratus
Jun 04, 2022

F5 VS PR_CONNECT_RESET_ERROR

Hello everyone,   Its been a while since I worked with F5s (7 years) and currently just getting back into. Im setting up a POC for some testing. I want to use the F5 as a half-proxy so the backen...
  • Nikoolayy1's avatar
    Jun 05, 2022

    What do you mean half-proxy? With F5 SNAT automap there shouldn'r be no issue the firewall to be the default gateway but for some reason you have translate-address disabled and translate-port disabled ? Better read this https://support.f5.com/csp/article/K79443053 as if you are talking about asymetric routing https://support.f5.com/csp/article/K13558 then you will need to fix your TCP profiles.

     

     

    About the RST the first RST seem to be normal and matching https://support.f5.com/csp/article/K95191209 but the second ones "TCP retransmit timeout" as described in https://support.f5.com/csp/article/K13223 seem to me to be caused by the server pool member as F5 is sending the traffic to them without translating the destination ip address and port to the ones that the server has.

     

    I really don't get what are you trying to do as your setup is strange and it is like you are playing in a lab. It is like you are trying to do layer2/3 Virtual server setup but without having your servers share the F5 VS ip address and F5 to have the correct routing or asymetric routing if you plan the return traffic to go directly to the client without F5 but just using SNAT automap and enabling address and port translation https://support.f5.com/csp/article/K8082 should be enough by reading the description of the issue.