Forum Discussion
hmian_178112
Jun 14, 2018 | Nimbostratus
TCP Connection Reset between VIP and Client
Topology:
Pulse Authentication Servers <--> F5 <--> FORTIGATE <--> JUNOS RTR <--> Internet <--> Client/users.
Background:
Clients on the internet attempting to reach a VPN app VIP (load-balance...
- Jun 14, 2018
What are the Pulse/VPN servers using as their default gateway? They should be using the F5 if SNAT is not in use to avoid asymmetric routing.
I would do the following then test:
- Change the VIP to use SNAT. Test.
- If it works, reverse the VIP configuration in step 1 (e.g. no SNAT)
- Disable all pool members in POOL_EXAMPLE except for 30.1.1.138
- Change the gateway for 30.1.1.138 to 30.1.1.132. Test.
AceDawg1
Jun 14, 2018 | Nimbostratus
In addition, do you have a VIP configured for port 4500? Noticed in the traffic capture that there is traffic going to TCP port 4500:
18:01:03.427463 IP (tos 0x0, ttl 64, id 5134, offset 0, flags [DF], proto TCP (6), length 60)
30.1.1.133.51704 > 30.1.1.139.4500: Flags [S], cksum 0x609e (incorrect -> 0x57ee), seq 2071882144, win 14600, options [mss 1460,sackOK,TS val 4213873347 ecr 0,nop,wscale 7], length 0 out slot1/tmm0 lis=
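Added example, not part of the thread or of any F5 tooling: a small Python parser for verbose tcpdump text like the capture quoted above, which groups each SYN by destination IP and port and records whether the capture shows a SYN-ACK, a reset, or nothing in reply. The function name `syn_outcomes` and the sample capture (documentation-range addresses) are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Matches the address/flags line of each tcpdump -v record, e.g.
#   30.1.1.133.51704 > 30.1.1.139.4500: Flags [S], cksum ...
FLOW = re.compile(
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]"
)

def syn_outcomes(capture_text):
    """Map (dst_ip, dst_port) -> {'synack'|'reset'|'silent': count} per SYN 4-tuple."""
    state = {}  # (client_ip, client_port, server_ip, server_port) -> outcome
    for m in FLOW.finditer(capture_text):
        src, sport, dst, dport, flags = m.groups()
        fwd = (src, int(sport), dst, int(dport))
        rev = (dst, int(dport), src, int(sport))
        if flags == "S":
            # Retransmitted SYNs reuse the 4-tuple and are counted once.
            state.setdefault(fwd, "silent")
        elif state.get(rev) == "silent":
            # First reply seen in the reverse direction decides the outcome.
            if flags == "S.":
                state[rev] = "synack"
            elif "R" in flags:
                state[rev] = "reset"
    summary = defaultdict(Counter)
    for (_, _, dst, dport), outcome in state.items():
        summary[(dst, dport)][outcome] += 1
    return {key: dict(counts) for key, counts in summary.items()}

# Constructed sample capture (not taken from the thread).
SAMPLE = """\
18:01:03.100000 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 60)
    198.51.100.7.40001 > 192.0.2.10.443: Flags [S], seq 100, win 14600, length 0
    192.0.2.10.443 > 198.51.100.7.40001: Flags [S.], seq 900, ack 101, win 14480, length 0
    198.51.100.7.40001 > 192.0.2.10.443: Flags [.], ack 901, win 115, length 0
    198.51.100.7.40002 > 192.0.2.10.443: Flags [S], seq 200, win 14600, length 0
    192.0.2.10.443 > 198.51.100.7.40002: Flags [R.], seq 0, ack 201, win 0, length 0
    198.51.100.7.40003 > 192.0.2.10.4500: Flags [S], seq 300, win 14600, length 0
    198.51.100.7.40003 > 192.0.2.10.4500: Flags [S], seq 300, win 14600, length 0
"""

if __name__ == "__main__":
    for (ip, port), counts in sorted(syn_outcomes(SAMPLE).items()):
        print(f"{ip}:{port} -> {counts}")
```

A "silent" count only means no reply was visible at the capture point; the reply may have been dropped or may have left by a path the capture does not cover.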