dipta_03_149731
Jul 27, 2015

LTM VIP is sending reset packets and URL is not working.

We have an Exchange webmail set up. It's an HTTPS URL, but there's no certificate on the LTM since the backend server takes care of it.

 

Below is the VIP setup:

 

ltm virtual exchange2010-webmail.xxx.com-443 {
    destination 216.xx.xx.xx:https
    ip-protocol tcp
    mask 255.255.255.255
    partition CoreSvcs
    pool webmail.xxx.com-443
    profiles {
        /Common/analytics { }
        /Common/http { }
        /Common/tcp { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 4
}

 

Here's the pool, where the member is marked up:

 

ltm pool webmail.ironmountain.com-443 {
    members {
        kcmtmgp01.na.xxx.com:https {
            address 192.x.x.x
            session monitor-enabled
            state up
        }
    }
    monitor /Common/https_443
}

 

But when we try accessing the URL from external network it doesn't work and keeps loading. Upon taking a packet capture I could see Reset packets from LTM VIP to Default Gateway on LTM.

 

8 Replies

  • nathe

    Looks like it's a HTTPS virtual server but you're not offloading the SSL transaction. In that case remove the http profile from the VS configuration and try again.

     

    Hope this helps,

     

    N
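The condition nathe points at (an HTTP profile on a port-443 virtual server that has no Client SSL profile, so the LTM is handed encrypted bytes it cannot parse as HTTP) can be checked offline against saved configuration text. This is an added example, not code from the thread or from F5; the function names are hypothetical, the sample is constructed from the post, and guessing a profile's type from its name is an assumption.

```python
import re

TOKEN = re.compile(r"[{}]|[^\s{}]+")

# Constructed sample: the virtual server from the post (placeholders kept).
SAMPLE_VS = """
ltm virtual exchange2010-webmail.xxx.com-443 {
    destination 216.xx.xx.xx:https
    ip-protocol tcp
    pool webmail.xxx.com-443
    profiles { /Common/analytics { } /Common/http { } /Common/tcp { } }
    source-address-translation { type automap }
}
"""

def parse_body(tokens):
    """Consume tokens up to the matching '}' into a dict of scalars and sub-blocks."""
    node, pending = {}, []
    for tok in tokens:  # shared iterator, so the loop resumes where the child stopped
        if tok == "{":
            name = pending.pop() if pending else ""
            node.update(zip(pending[::2], pending[1::2]))  # "key value" pairs so far
            pending = []
            node[name] = parse_body(tokens)
        elif tok == "}":
            break
        else:
            pending.append(tok)
    node.update(zip(pending[::2], pending[1::2]))
    return node

def passthrough_https_findings(config_text):
    """Names of virtual servers on 443 with an HTTP profile but no Client SSL profile."""
    findings = []
    for m in re.finditer(r"ltm\s+virtual\s+(\S+)\s*\{", config_text):
        vs = parse_body(iter(TOKEN.findall(config_text[m.end():])))
        port = vs.get("destination", "").rsplit(":", 1)[-1]
        # Assumption: profile type is guessed from its name (http*, *clientssl*).
        names = [p.rsplit("/", 1)[-1].lower() for p in vs.get("profiles", {})]
        has_http = any(n.startswith("http") for n in names)
        has_clientssl = any("clientssl" in n or "client-ssl" in n for n in names)
        if port in ("https", "443") and has_http and not has_clientssl:
            findings.append(m.group(1))
    return findings

if __name__ == "__main__":
    print(passthrough_https_findings(SAMPLE_VS))
```

Because the tokenizer ignores line breaks, the same check works on configuration that has been flattened onto one line, as in the original post.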

     

    • nathe
      OK, two further things, see https://support.f5.com/kb/en-us/solutions/public/13000/200/sol13223.html to log the RST reason. Also, try using SSLDUMP to check if it's the SSL handshake failing (I assume if you use TCPDUMP it passes the initial TCP 3 way handshake?)
  • Yes Nathan.

     

    When I take a tcpdump I see the 3-way handshake and then some TCP Retransmission packets. Some TCP Duplicate and Keep-Alive packets in the middle and then a Reset from the LTM VIP to the Default Gateway configured on the LTM.

     

    • nathe
      What about the SSL handshake? See https://support.f5.com/kb/en-us/solutions/public/10000/200/sol10209.html for details on capturing with tcpdump and then using -r to read the SSL handshake.
    • Since you have configured SNAT automap, do you have a floating self IP for the subnet reaching the pool member?
    • Do you see serverside communication between the LTM and the pool member in that request?