Forum Discussion
LDAP & LDAPS
Hello folks,
I have been told to create a VIP for LDAP and LDAPS for ports 389 and 636, with no stickiness required, and the cert was supposed to be used on the servers rather than imported on the F5. Now, the issue is that the LDAP VIP for port 389 is working fine, but the user is not able to connect through the VIP for port 636. I created a standard VIP for LDAP for port 389 and used the "Performance L4" profile for the VIP for port 636. I could see in the VIP statistics that it is showing TCP RST packets. Can anyone help me troubleshoot this issue? Any input on this will be greatly appreciated.
Thank you.
5 Replies
- JG
Cumulonimbus
Does the service on port 389 work if you change it to use "Performance L4"?
- Joko_Yuliantor3Historic F5 Account
Does VIP 636 have a pool? If yes, then what does tcpdump show for 636?
- Anju
Altostratus
Hi Jie, The service on port 389 is working fine with the standard VIP profile.
- Anju
Altostratus
Hello Joko, The VIP 636 has a pool with 4 real servers, and the same ones are used as the pool members for the VIP created with the Standard profile for port 389. I will capture the tcpdump for 636 and let you know.
Thank you.
- Joko_Yuliantor3Historic F5 Account
Dear Pihu,
Please use interface "0.0" in your tcpdump so we can see both sides of the traffic from F5's perspective. The TCP RST could be from the F5 or from the backend server. If it is coming from the F5, then it could be that the pool has no available member.
Cheers,
-joko
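Added example, not part of the thread and not F5's own tooling: one way to read a two-sided capture taken on interface 0.0 and tell whether each reset on port 636 came from a pool member or was sent as the VIP with no server-side traffic. The VIP and pool addresses, the function names and the capture lines are constructed, and the script assumes no SNAT so that the client endpoint is identical on both sides.

```bash
#!/usr/bin/env bash
# Added example. Addresses are constructed placeholders, not values from the thread.
# Assumption: no SNAT, so the client ip.port is the same on both sides of the BIG-IP.
VIP="192.0.2.10"              # assumed virtual server address
POOL="10.1.1.11 10.1.1.12"    # assumed pool member addresses

# On the BIG-IP the input would come from: tcpdump -nni 0.0 port 636
# A constructed capture is embedded here so the script runs offline.
sample_capture() {
cat <<'EOF'
10:00:00.000100 IP 198.51.100.7.51000 > 192.0.2.10.636: Flags [S], seq 100, win 29200, length 0
10:00:00.000150 IP 192.0.2.10.636 > 198.51.100.7.51000: Flags [R.], seq 0, ack 101, win 0, length 0
10:00:05.000100 IP 198.51.100.7.51001 > 192.0.2.10.636: Flags [S], seq 200, win 29200, length 0
10:00:05.000200 IP 198.51.100.7.51001 > 10.1.1.11.636: Flags [S], seq 200, win 29200, length 0
10:00:05.000400 IP 10.1.1.11.636 > 198.51.100.7.51001: Flags [R.], seq 0, ack 201, win 0, length 0
10:00:05.000450 IP 192.0.2.10.636 > 198.51.100.7.51001: Flags [R.], seq 0, ack 201, win 0, length 0
EOF
}

# stdin: tcpdump -nn text output; stdout: "<client ip.port> <verdict>" per reset flow
classify_rst() {
  awk -v vip="$VIP" -v pool="$POOL" '
    function addr(ep) { sub(/:$/, "", ep); sub(/\.[0-9]+$/, "", ep); return ep }
    function endp(ep) { sub(/:$/, "", ep); return ep }
    function note(c)  { if (!(c in seen)) { seen[c] = 1; order[++k] = c } }
    BEGIN { n = split(pool, p, " "); for (i = 1; i <= n; i++) member[p[i]] = 1 }
    $2 == "IP" && $6 == "Flags" {
      src = addr($3); dst = addr($5); rst = ($7 ~ /R/)
      if ((src in member) && rst) { backend[endp($5)] = 1; note(endp($5)) }  # member sent RST
      else if (src == vip && rst) note(endp($5))                             # RST sent as the VIP
      else if (dst in member)     reached[endp($3)] = 1                      # flow got to server side
    }
    END {
      for (i = 1; i <= k; i++) {
        c = order[i]
        if (c in backend)      v = "backend-reset"
        else if (c in reached) v = "bigip-reset-after-server-side"
        else                   v = "bigip-reset-no-server-side"
        print c, v
      }
    }'
}

sample_capture | classify_rst
```
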