Forum Discussion

Nimbostratus

Jun 14, 2018

Solved

TCP Connection Reset between VIP and Client

Topology: Pulse Authentication Servers <--> F5 <--> FORTIGATE <--> JUNOS RTR <--> Internet <--> Client/users. Background: Clients on the internet attempting to reach a VPN app VIP (load-balance...

application delivery

LTM

security

AceDawg_204810
Jun 14, 2018
What are the Pulse/VPN servers using as their default gateway? They should be using the F5 if SNAT is not in use to avoid asymmetric routing.

I would do the following then test:

Change the VIP to use SNAT. Test.
If it works, reverse the VIP configuration in step 1 (e.g. no SNAT)
Disable all pool members in POOL_EXAMPLE except for 30.1.1.138
Change the gateway for 30.1.1.138 to 30.1.1.132. Test.

AceDawg1

Nimbostratus

Jun 14, 2018

Mea culpa. I added both answers/responses as the second provides a quick procedure on how things should be configured.

Many thanks.

Forum Discussion

TCP Connection Reset between VIP and Client

Recent Discussions

Uri-based client cert authentication question

Wildcard SSL Certificate Deployment on F5 LTM

help irules for compatibilty

Grant access to users from F5 APM based on okta user group

iRule condition - request contains more than 10000 parameters

Related Content

Log client to vip connections

Limit Connections From Client

Securely connecting Kubernetes Microservices with F5 Distributed Cloud

Enhance your Application Security using Client-side signals

Troubeshooting website connection