Forum Discussion
noto1025
Nimbostratus
NimbostratusHelp with excessive RST and Port denied issues
Just setup a big IP trial in my VMware lab.
I have a SELF IP on the external interface and one on the internal. I created a pool with three web servers on the internal side and I made a virtual server point to that pool. Everything looks green in the F5. I'm able to ping the web servers from the BIG IP and the machine i'm conecting from as well. But in the logs I'm seeing constant TCP resets from the F5 external IP to both my ESXi hosts. Also seeing a lot of port denied errors. Needless to say when I try to connect the the VIP it just times out even though a port scan shows port 80 open.
a show /net rst-cause shows this and its only about 20 minutes since I reset all the counters.
------------------------------------------
TCP/IP Reset Cause
RST Cause: Count
------------------------------------------
No flow found for ACK 186
Port denied 1580
RST from BIG-IP internal Linux host 115
TCP RST from remote system 0
TCP retransmit timeout 12
handshake timeout 0
Also seeing No flow found for ACK messages from my internal Self IP to the web server IPs
What is going on and what have I done wrong???
- zamroni777
Nacreous
it's very likely the tcp health monitor of the pool.
add rule in the firewall to allow the traffic. 
noto1025The health monitor wasnt even turned on. Also is that an irule or where do I add the firewall rule?
thanks
- zamroni777
it's better to collect the tcpdump so you can see the details
and pool health monitor is manadatory to make lb works properly.
