Forum Discussion

sbroulaye's avatar
Icon for Altostratus rankAltostratus
Oct 27, 2022

no outbound traffic pool


Kindly help me solve this issue please.

My pool member is not getting any outbound traffic. Inbound traffic is ok.

--Below the vs config 

ltm virtual VS_force {
destination xxxxxxxx:443
ip-protocol tcp
pool POOL_force
profiles {
clientSSL {
context clientside
http { }
tcp { }
source-address-translation {
type automap
translate-address enabled
translate-port enabled
vs-index 87

--Below the pool config

ltm pool POOL_force {
members {
NOD_force {
address xxxxxx
session monitor-enabled
state up
monitor tcp

Thanks in advance.

10 Replies

  • Hey sbroulaye , you're trying to configure the ability for your pool members to initiate traffic destined outbound?

    • sbroulaye's avatar
      Icon for Altostratus rankAltostratus

      Hi buulam, NO !

      The problem is that when clients are web browsing to the VS, the page is showing ERR_CONNECTION_RESET

      When I check the statistics of the pool, there is inbound hits but no oubound traffic (0)

      Hope you understand, I'm new in BIG-IP management.

      • Kevin_Stewart's avatar
        Icon for Employee rankEmployee

        Let us analyze this from a traffic flow perspective. As a proxy, and in this configuration, the BIG-IP is going to both NAT and SNAT the traffic to the pool member. So let's use some comcrete examples:

        • BIG-IP external self-IP:
        • VIP address:
        • BIG-IP internal self-IP:
        • Pool member:

        Traffic arriving at the BIG-IP VIP has the true client IP and a destination IP of (the VIP). The VIP takes the traffic, decrypts, selects a pool member, NATs (changes the destination address to, and then SNATs (changes the source address to So at the pool member, it sees a destination IP of itself, coming from the internal self-IP of the BIG-IP. If you tcpdump at that internal VLAN between the BIG-IP and the pool member, you should see exactly this:

        tcpdump -lnni <internal vlan>

        It would be useful to do this tcpdump to observe what's actually happening. You might see the client requests coming in, but maybe not going out? Or you might only see health monitor traffic? Either of these will increment the inbound traffic counters.

        If you see client traffic coming in, but nothing coming back:

        • Is it because the pool member is expecting TLS but you're not re-encrypting? In this case you might see a completed TCP 3-way handshake but then a RST directly after.
        • Is it because the pool member is not correctly configured to respond? You could do a curl request from the BIG-IP shell to the server to see if it can respond.


  • The self ip is used for monitoring . i see you use tcp mionitor.

    The floating  ip should be used for the traffic between BIGIP and servers.