RST,ACK sent from server to VIP .

Question

Setup on F5&nbsp;
standard Virtual server with service port 80 with 4 pool members.When access via the VIP , the external user is trying to browse NATted IP which is natted to the VIP , the user is not able to access.&nbsp;
But when tried accessing directly to one of the pool members,they are able to browse.&nbsp;
When i did packet capture&nbsp;
tcpdump -ni 0.0:nnn -s0 -w /var/TEST.pcap host &nbsp;
I can see a tcp-[rst,ACK] from  the source-IP to VIP .&nbsp;
Does this mean there is RSt sent from the VIP ? but i am not seeing any RSt from the f5 interface internal IP as i did packet capture to pool members. &nbsp;
I dont see a Reset packet sent , should i run a tcp/reset debug on f5 next time to proceed further ?&nbsp;
Also, we are doing an http monitor and its with authentication too.&nbsp;
Could you let me know how does that monitor work ? F5 gives those credentials while monitoring?&nbsp;
The RESET,ACK is seen always after a http/1.1 401 unauthorised.&nbsp;
The source user isnt getting any page to put in his credentials either. ITs just page cannot be displayed.So how is that unauthorized response being sent ?&nbsp;
Do look into this and help me out.&nbsp;

draco · Answer

Please do reply...am pretty stuck as to what is happening as am new to f5 .&nbsp;

greg_robinson_1 · Answer

There are some questions I have first.&nbsp;
You say they're trying to browse to a VIP that is NAT'd. Does the NAT occur on or before the F5? It sounds like this:&nbsp;
Host --- (NATing device) --- F5 VIP --- pool member&nbsp;
Is this correct?&nbsp;
The F5 will authenticate into HTTP using the credentials assigned for monitoring. Is that monitor successful?&nbsp;
Last, where is the TCP RST shown, on the server side of the F5 or the client side?&nbsp;
Thanks&nbsp;

daren_matthews · Answer

The tcpdump might not have captured all of the packets due to the host filter.
https://support.f5.com/kb/en-us/solutions/public/14000/300/sol14335 &nbsp;
If you do capture the HTTP traffic, the HTTP 401 should also contain a "WWW-Authenticate header" that shows how to authenticate.  If it doesn't contain that header that is the next thing to investigate.  Also if it does contain that header and the method is "negotiate" it could be due to:
https://support.f5.com/kb/en-us/solutions/public/11000/100/sol11110.html &nbsp;
Daren

Forum Discussion

RST,ACK sent from server to VIP .

3 Replies

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

In F5 APM, how to include multiple DNS suffix?

Username is not filled in EdgeClient in the Modern customization

Cert Bundle Manager

Question regarding F5 Viprion Configuration Migration to VE.

Why does SSLO not support ACTIVE-ACTIVE mode deployments？

Related Content

F5 Distributed Cloud Origin Server Subset Rules

Virtual sends [RST, ACK]

BIG-IP High Availability with Azure Route Server

virtual server config

Check a Virtual Server's SSL Status

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS