Forum Discussion

hmian_178112's avatar
hmian_178112
Icon for Nimbostratus rankNimbostratus
Jun 14, 2018

TCP Connection Reset between VIP and Client

Topology: Pulse Authentication Servers <--> F5 <--> FORTIGATE <--> JUNOS RTR <--> Internet <--> Client/users. Background: Clients on the internet attempting to reach a VPN app VIP (load-balance...
  • AceDawg_204810's avatar
    Jun 14, 2018

    What are the Pulse/VPN servers using as their default gateway? They should be using the F5 if SNAT is not in use to avoid asymmetric routing.

     

    I would do the following then test:

     

    1. Change the VIP to use SNAT. Test.
    2. If it works, reverse the VIP configuration in step 1 (e.g. no SNAT)
    3. Disable all pool members in POOL_EXAMPLE except for 30.1.1.138
    4. Change the gateway for 30.1.1.138 to 30.1.1.132. Test.