Steve_Lattray_5
Oct 23, 2012

RST from LDAP server after socket is closed

I have an F5 pool configured for our LDAP servers. I have an iRule that will NAT addresses if the source is on the same subnet as the LDAP servers (the F5 is the default gateway; this iRule prevents asymmetric flows). The problem I am having is that after the socket is closed, the LDAP server sends an additional RST packet. Since the F5 has closed the socket, there is no longer an entry in the NAT table, so the packet follows the default route and gets dropped by our internet firewalls. Is there a setting in the F5 or on the LDAP servers that may prevent this from happening?

 

2 Replies

  • Here are the last four packets in the trace. Notice the additional RST, packet 24:

    21 0.334614800 TCP LDAP SASL GSS-API Integrity: unbindRequest(9)
    22 0.334772688 TCP 1ldap > 54404 [RST, ACK] Seq=4146 Ack=3157 Win=0 Len=0
    23 0.334998368 TCP 54404 > ldap [FIN, ACK] Seq=3157 Ack=4146 Win=64048 Len=0
    24 0.335049936 TCP ldap > 54404 [RST] Seq=4146 Win=0 Len=0

  • Anyone?

     

    I'm assuming the solution for this will be on the LDAP servers. Unfortunately I do not have access to them and the team that manages them said there is nothing they can do. I don't want to block these packets at the router. I would prefer to find out why the LDAP server is sending the RST and stop it.
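An added example, not part of the original thread: a small Python check over the four trace lines quoted above that lists every segment seen after a flow's first RST and marks a bare RST whose Seq equals the Ack of the segment just before it, which is the form TCP's reset-generation rule (RFC 793) gives a reply to a segment arriving for a closed connection. The function names are hypothetical, and flows are keyed on the two endpoint labels only, because the quoted trace shows no IP addresses.

```python
import re

# Constructed input: the trace lines quoted in the thread above
# (the stray "1" before "ldap" on packet 22 is dropped here).
TRACE = """\
21 0.334614800 TCP LDAP SASL GSS-API Integrity: unbindRequest(9)
22 0.334772688 TCP ldap > 54404 [RST, ACK] Seq=4146 Ack=3157 Win=0 Len=0
23 0.334998368 TCP 54404 > ldap [FIN, ACK] Seq=3157 Ack=4146 Win=64048 Len=0
24 0.335049936 TCP ldap > 54404 [RST] Seq=4146 Win=0 Len=0
"""

SEG = re.compile(
    r"^(?P<no>\d+)\s+[\d.]+\s+TCP\s+(?P<src>\S+) > (?P<dst>\S+) "
    r"\[(?P<flags>[^\]]+)\]\s+Seq=(?P<seq>\d+)(?:\s+Ack=(?P<ack>\d+))?"
)

def parse(trace):
    """Return one dict per TCP segment summary line; other lines are skipped."""
    segments = []
    for line in trace.splitlines():
        m = SEG.match(line.strip())
        if not m:
            continue  # e.g. packet 21, which is decoded as LDAP, not raw TCP
        segments.append({
            "no": int(m["no"]), "src": m["src"], "dst": m["dst"],
            "flags": frozenset(f.strip() for f in m["flags"].split(",")),
            "seq": int(m["seq"]),
            "ack": int(m["ack"]) if m["ack"] else None,
        })
    return segments

def late_segments(trace):
    """Return (packet_no, verdict) for segments seen after a flow's first RST."""
    reset_flows, prev, out = set(), {}, []
    for s in parse(trace):
        flow = frozenset((s["src"], s["dst"]))  # direction-independent key
        if flow in reset_flows:
            p = prev[flow]
            # Bare RST (no ACK flag) sent back to the previous sender with
            # Seq equal to that segment's Ack: a reply to a late segment.
            if ("RST" in s["flags"] and "ACK" not in s["flags"]
                    and p["src"] == s["dst"] and p["ack"] == s["seq"]):
                out.append((s["no"], f"bare RST answering packet {p['no']}"))
            else:
                out.append((s["no"], "segment sent on an already-reset flow"))
        if "RST" in s["flags"]:
            reset_flows.add(flow)
        prev[flow] = s
    return out

if __name__ == "__main__":
    for no, verdict in late_segments(TRACE):
        print(no, verdict)
```

On the quoted trace this reports packet 23 as sent on an already-reset flow and packet 24 as a bare RST answering packet 23.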