Sorry Paulius, I guess I didn't post the VS configuration. Thought I did. The VS isn't configured to listen on 443. It's configured to listen on 7246. The pool members are also configured for 7246. A Wireshark of communication between the client and server with no F5 in place is what told me there is TLSv1.2 going on between the two devices on that port.
In this configuration, the client will connect without issue, because it's just doing the SSL forwarding:
ltm virtual Nav_7246 {
    creation-time 2023-09-26:16:00:07
    destination <VS IP>:7246
    ip-protocol tcp
    last-modified-time 2023-10-04:16:58:23
    mask 255.255.255.255
    persist {
        source_addr {
            default yes
        }
    }
    pool Nav_Pool_7246
    profiles {
        LC-http { }
        fastL4 { }
    }
    serverssl-use-sni disabled
    source 0.0.0.0/0
    source-address-translation {
        pool Nav
        type snat
    }
    translate-address enabled
    translate-port enabled
    vs-index 4
}
ltm pool Nav_Pool_7246 {
    load-balancing-mode predictive-member
    members {
        Nav01:7246 {
            address <Nav01 IP>
            session monitor-enabled
            state up
        }
        Nav02:7246 {
            address <Nav02 IP>
            session monitor-enabled
            state down
        }
    }
    monitor tcp
}
When I try with this VS configuration (same pool as above) is when I get the protocol errors:
ltm virtual Nav_7246 {
    creation-time 2023-09-26:16:00:07
    destination <VS IP>:7246
    ip-protocol tcp
    last-modified-time 2023-10-05:08:35:17
    mask 255.255.255.255
    persist {
        source_addr {
            default yes
        }
    }
    pool Nav_Pool_7246
    profiles {
        LC-http { }
        LC-oneconnect { }
        LC-tcp-lan { }
        Wildcard23-24 {
            context clientside
        }
        serverssl {
            context serverside
        }
    }
    serverssl-use-sni disabled
    source 0.0.0.0/0
    source-address-translation {
        pool Nav
        type snat
    }
    translate-address enabled
    translate-port enabled
    vs-index 4
}