For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

hmian_178112's avatar
hmian_178112
Icon for Nimbostratus rankNimbostratus
Jun 14, 2018
Solved

TCP Connection Reset between VIP and Client

Topology: Pulse Authentication Servers <--> F5 <--> FORTIGATE <--> JUNOS RTR <--> Internet <--> Client/users. Background: Clients on the internet attempting to reach a VPN app VIP (load-balance...
application delivery
LTM
security
  • AceDawg_204810's avatar
    AceDawg_204810
    Jun 14, 2018

    What are the Pulse/VPN servers using as their default gateway? They should be using the F5 if SNAT is not in use to avoid asymmetric routing.

     

    I would do the following then test:

     

    1. Change the VIP to use SNAT. Test.
    2. If it works, reverse the VIP configuration in step 1 (e.g. no SNAT)
    3. Disable all pool members in POOL_EXAMPLE except for 30.1.1.138
    4. Change the gateway for 30.1.1.138 to 30.1.1.132. Test.
hmian_178112's avatar
hmian_178112
Icon for Nimbostratus rankNimbostratus
Jun 14, 2018

THank you AceDawg, your first answer was on point and resolved the issue.

 

Comment made 4 hours ago by AceDawg 202What are the Pulse/VPN servers using as their default gateway? They should be using the F5 if SNAT is not in use to avoid asymmetric routing.