FTP and one leg setup - why not working

Hi,

 

I tried to do setup like that:

 

VS in 192.168.1.1/24 network with IP 192.168.1.100 SNAT assigned 192.168.1.200 FTP server IP 192.168.1.110

 

Flow is then:

 

C -> 192.168.1.100:21 <-> 192.168.1.200:high_port -> 192.168.1.110:21

 

Client connecting either passive or active is always refused, based on trace:

 

Passive - client attempt to connect to VS 192.168.1.100: to create data connection - VS is almost immediately sending RST to SYN packet. Backend server is reporting 425 Can't open data connection for transfer of "/"

 

Active - as soon as backend server tries to create connection from port 20 to port passed by BIG-IP in PORT command BIG-IP is not responding to SYN, after 2 repeated SYN BIG-IP is sending RST-ACK, and backend server is again sending 425 Can't open data connection for transfer of "/" over control connection

 

Same VS when accessed from another VLAN is working without issue in both Passive and Active mode.

 

Tested on both v11.2.0HF7 and 13.0.0HF2.

 

Am I missing something important that prevents FTP in one leg configuration?

 

Piotr