Forum Discussion
Issue with BIG-IP Initial Configuration.
I set up LTM according to the article https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-system-initial-configuration-11-6-0/1.htmlunique_1616379767. According to the BIG-IP XUI everything looks fine. All Virtual Servers, nodes and pool are green, but I cannot access the Virtual Server from a browser at https://10.100.223.200:8443 (VS - pool - 2 nodes). According to netstat output, port 8443 is not open. Could you please help troubleshoot the issue?
tmsh list /ltm
ltm default-node-monitor {
    rule icmp
}
ltm dns analytics global-settings { }
ltm dns cache global-settings { }
ltm dns nameserver ns93 {
    address 10.100.93.1
    route-domain 0
}
ltm global-settings connection { }
ltm global-settings general {
    maintenance-mode enabled
    snat-packet-forward enabled
}
ltm global-settings traffic-control { }
ltm node node01 {
    address 10.100.222.41
    description node01
    logging enabled
    session monitor-enabled
    state up
}
ltm node node02 {
    address 10.100.222.42
    description node02
    logging enabled
    session monitor-enabled
    state up
}
ltm persistence global-settings { }
ltm persistence source-addr PCOIP {
    app-service none
    defaults-from source_addr
}
ltm pool http_pool {
    members {
        node01:http {
            address 10.100.222.41
            session monitor-enabled
            state up
        }
        node02:http {
            address 10.100.222.42
            session monitor-enabled
            state up
        }
    }
    monitor gateway_icmp
}
ltm profile client-ssl RAA-cert-test {
    app-service none
    cert default.crt
    cert-key-chain {
        default {
            cert default.crt
            key default.key
        }
    }
    chain none
    defaults-from clientssl
    inherit-certkeychain true
    key default.key
    passphrase none
}
ltm profile http XFF {
    app-service none
    defaults-from http
    proxy-type reverse
}
ltm profile server-ssl ccmqa.com-ssl-test {
    app-service none
    defaults-from serverssl
}
ltm rule DirectAccess_NLS {
    when HTTP_REQUEST {
        HTTP::respond 200
    }
}
ltm virtual http_vs02 {
    destination 10.100.223.20:http
    ip-protocol tcp
    mask 255.255.255.255
    pool http_pool
    profiles {
        tcp { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 8
}
ltm virtual https_vs01 {
    destination 10.100.223.15:https
    ip-protocol tcp
    mask 255.255.255.255
    pool http_pool
    profiles {
        RAA-cert-test {
            context clientside
        }
        tcp { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 7
}
ltm virtual vs03_https {
    destination 10.100.223.200:pcsync-https
    ip-protocol tcp
    mask 255.255.255.255
    persist {
        ssl {
            default yes
        }
    }
    pool http_pool
    profiles {
        RAA-cert-test {
            context clientside
        }
        tcp { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 9
}
10 Replies
- IainThomson85_1
Cumulonimbus
Doesn't seem to be anything blindingly obvious in the config you've shared.
When you say you can't access it - what are you getting?
For troubleshooting purposes I would recommend running a TCP dump on the F5 and seeing if TCP level traffic is hitting the VIP:
tcpdump -i 0.0 host 10.100.223.200 and port 8443
- gsandu_255860
Nimbostratus
What process shall listen to port of the virtual server?
- gsandu_255860
Nimbostratus
Thank you for all your assistance . I really appreciate your help in resolving the problem.
- gsandu_255860
Nimbostratus
10.100.223.200.8443 > 10.100.223.100.42898: Flags [R.], cksum 0xd40f (incorrect -> 0x3414), seq 0, ack 3316455820, win 0, length 0 out slot1/tmm1 lis=
- gsandu_255860
Nimbostratus
tcpdump -vvv -nni any host 10.100.223.200
- gsandu_255860
Nimbostratus
cksum 0xd40f (incorrect -> 0x3414), - It is similar that the port is closed.
- IainThomson85_1
Cumulonimbus
Well - that looks like the VIP is resetting the connection. Difficult to tell the exact reason with analysis of the TCPdump in Wireshark. What error do you get on the browser/application?
- Vijay_E
Cirrus
Do you have access to the VIP from the client? I.e., no routing or firewall issues? Have you tried this logging: https://support.f5.com/kb/en-us/solutions/public/13000/200/sol13223.html
If nothing works, disable and enable the VS and if that fails, delete and re-create it. I have never had issues of this kind and I think there is some kind of routing or connectivity issue rather than a bug on the F5.
- gsandu_255860
Nimbostratus
Odaah, thank you for all your assistance. I really appreciate your help in resolving the problem. https://support.f5.com/kb/en-us/solutions/public/13000/200/sol13223.html - very helpful.
[root@f5:Active:Standalone] config tmsh modify /sys db tm.rstcause.log value enable
[root@f5:Active:Standalone] config tmsh modify /sys db tm.rstcause.pkt value enable
[root@f5:Active:Standalone] config tmsh show /net rst-cause
TCP/IP Reset Cause
RST Cause:                                                   Count
Maintenance mode (all VIP/SNAT/Proxy connections disabled)   3
[root@f5:Active:Standalone] config tmsh modify /ltm global-settings general maintenance-mode disabled
All is done.
Thank you again for everything you’ve done.
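The root cause found in this thread, as an added example that is not part of any forum post: virtual servers showed green while `maintenance-mode enabled` in `ltm global-settings general` reset every connection. The script below checks saved `tmsh list /ltm` output for that setting; the function name `audit_ltm_config` and the trimmed sample config are constructed for illustration.

```shell
# Constructed sample: a trimmed copy of the `tmsh list /ltm` output from this thread.
SAMPLE_CONFIG='ltm global-settings connection { }
ltm global-settings general {
    maintenance-mode enabled
    snat-packet-forward enabled
}
ltm virtual vs03_https {
    destination 10.100.223.200:pcsync-https
    persist {
        ssl {
            default yes
        }
    }
    pool http_pool
}'

# audit_ltm_config (hypothetical helper name): reads tmsh config text on stdin,
# prints one finding per line, returns 1 if maintenance mode is enabled.
audit_ltm_config() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line) }
        # A line containing "{" at depth 0 opens a new top-level stanza.
        depth == 0 && line ~ /[{]/ { stanza = line; sub(/[ \t]*[{].*$/, "", stanza) }
        stanza == "ltm global-settings general" && line == "maintenance-mode enabled" {
            print "FAIL maintenance-mode enabled: all VIP/SNAT/Proxy connections disabled"
            bad = 1
        }
        # Only direct children of a virtual stanza, not nested blocks.
        depth == 1 && stanza ~ /^ltm virtual / && line ~ /^destination / {
            split(stanza, s, " "); split(line, d, " ")
            print "INFO virtual " s[3] " destination " d[2]
        }
        {
            # Track brace depth so nested blocks (persist, profiles) are skipped.
            depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
            if (depth == 0) stanza = ""
        }
        END { exit bad + 0 }
    '
}

# Run against the constructed sample; a non-zero status means traffic is blocked.
printf '%s\n' "$SAMPLE_CONFIG" | audit_ltm_config || echo "audit exit status: $?"
```

On a live system the same function can read the real configuration, for example `tmsh list /ltm | audit_ltm_config`.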
