Unable to connect to virtual server with curl -v xx.xx.xx.xx:8443 or 443

Question

Hi,I have created one Virtual Server in LTM Big IP F5&nbsp;BIG-IP 14.1.0.2 Build 0.0.4 Point Release2Port number I used while creating is 443 https service. Also Pool Members are from different subnets that Virtual Server; hence no SNAP auto map is used.I get output when i run same command for Pool member IP with Service port 8443; as at server end 8443 port is assigned. However when I am running&nbsp;command with 8443 and 443 but it does not produce any output. It gives me error of Conenction refuse. Below GIven is Logs of Outputlogs:* Rebuilt URL to:* Trying xx.xx.xx.xx...* connect to xx.xx.xx.xx port 443 failed: Connection refused* Failed to connect to xx.xx.xx.xx port 443: Connection refused* Closing connection 0curl: (7) Failed to connect to xx.xx.xx.xx port 443: Connection refused

nikoolayy1 · Answer

Hello , Please do more investigation as it could be many things as the web server not allowing the traffic and so on. Also the pool member being different subnet than the VIP or even the F5 device not having a direct subnet to the pool member does not affect SNAT as the F5 self IP is used for the server connection. Maybe you need to read:
https://support.f5.com/csp/article/K7336
&nbsp;
https://support.f5.com/csp/article/K99422936
&nbsp;
For HTTP/SSL issues check:
https://community.f5.com/t5/technical-forum/knowledge-sharing-troubleshooting-investigating-ssl-and-http/m-p/208167

anup_km · Answer

I did some additonal Check that Virtual IP is reachable from Server. and I am also able to run curl command for Server IP it gives me Handshake results.

One strange thing; When i telnet Virtual IP from inside F5 CLI it does not allow me inside. Howerver when I try to telnet Server Pool IP I get to prompt. It is very different behaviour as virtual IP is only present on F5 device itselft.

Still I am not able to telnet it with port 8443 or 443 whichever I configure.

nikoolayy1 · Answer

Again the F5 uses a self ip to talk to the server not the VIP address that is for the client. Please see what I provided and maybe check:
&nbsp;
https://support.f5.com/csp/article/K17333
https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-routing-administration-11-6-0/4.html

anup_km · Answer

No. I am not taking to telnet F5 Virtual Interface from Putty or any management Server.

I have already taken CLI inside working LB thorugh its management IP.

I tested telneting another virtual Server configured in same LB with Virtual IP with command

telnet xx.xx.xx.xx 443 ........................ it works

However for this perticular Virtual Server when I do same with telnet xx.xx.xx. 8443 or 443 it does not work.

anup_km · Answer

Mentioned Articles I went through; It is not relevent for this issue.As SSL Certificate is not terminated on F5 for Server I am having issue with on LTM.Management routes and Management IP are totally different from Virtual IP instance.Routing will not take any part in performing telnet to same IP which is only virtaul instance in BIG IP F5. Other working Virtual Server IP are allowing me to telnet inside (atleast i am getting prompt) from inside CLI login of Selft BIG IP F5. With this perticular Virtual Server IP there is issue; Even Pool memebers which are configured with 8443 Port allowed to be telnet when performed from CLI prompt of BIG IP F5; only self IP does not give telnet enable with port 8443 or 443; there must be some configuration issue with this Virtual Server; but I tested all configuration.Including SNAT: Client Profile; Server Profile; VLAN setting; all are as per working Virtual server only; but when I run Curl command or telnet session of Virtual server IP it gives connection refused; that means port 8443 or 443 is not allowing to set up telnet connection.

Forum Discussion

Unable to connect to virtual server with curl -v xx.xx.xx.xx:8443 or 443

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Integrating SSL Orchestrator with Fortinet FortiGate Virtual Edition as a Virtual Wire

pool members can't connect to another Virtual Server

DevCentral Connects hosts Capture the Flag!

Troubeshooting website connection

Check a Virtual Server's SSL Status

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS