For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

SL's avatar
SL
Icon for Cirrus rankCirrus
May 11, 2018

Unable to connect via F5

Hi

I have setup the following VS and I am not able to connect successful via the browser or when doing a Curl.

This error when using Curl

    curl http://10.10.10.10:9114 -v
* Rebuilt URL to: http://10.10.10.10:9114/
*   Trying 10.10.10.10...
* TCP_NODELAY set
* Connected to 10.10.10.10 (10.10.10.10) port 9114 (0)
> GET / HTTP/1.1
> Host: 10.10.10.10:9114
> User-Agent: curl/7.53.1
> Accept: */*
>
* Recv failure: Connection was reset
* stopped the pause stream!
* Closing connection 0
curl: (56) Recv failure: Connection was reset

If I Curl from the F5 to the server I get a valid response

    config  curl http://10.10.10.11:9114 -v
* About to connect() to 10.10.10.11 port 9114 (0)
*   Trying 10.10.10.11... connected
* Connected to 10.10.10.11 (10.10.10.11) port 9114 (0)
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/1.0.1l zlib/1.2.3 libidn/0.6.5
> Host: 10.10.10.11:9114
> Accept: */*
> 
< HTTP/1.1 403 Forbidden
< Cache-Control: must-revalidate,no-cache,no-store
< Content-Type: text/html;charset=ISO-8859-1
< Content-Length: 1267
< Server: 123(8.0.4.v20111024)
< 



Error 403 Forbidden


HTTP ERROR: 403
Problem accessing /. Reason:
    Forbidden
Powered by 123://





* Connection 0 to host 10.10.10.11 left intact
* Closing connection 0

This is my VS Config

ltm virtual /Common/vs_9114 {
destination /Common/10.10.10.10:9114
ip-protocol tcp
mask 255.255.255.255
pool /Common/pool_9114
profiles {
    /Common/tcp-wan-optimized { }
}
source 0.0.0.0/0
source-address-translation {
    type automap
}
translate-address enabled
translate-port enabled

Any ideas or suggestions please as to why not working?

application delivery
LTM

8 Replies

  • eben's avatar
    eben
    Icon for Nimbostratus rankNimbostratus
    May 11, 2018

    Hi,

     

    If you are accessing via a browser or invoking a GET using curl, you should have HTTP profile set on the vs, I don't see that. apply an http profile, test and revert.

     

    HTH

     

    • SL's avatar
      SL
      Icon for Cirrus rankCirrus
      May 14, 2018

      Hi

       

      Adding the http profile not making a difference, it should be able work without the http profile.

       

      SL

       

  • eben_259100's avatar
    eben_259100
    Icon for Cirrostratus rankCirrostratus
    May 11, 2018

    Hi,

     

    If you are accessing via a browser or invoking a GET using curl, you should have HTTP profile set on the vs, I don't see that. apply an http profile, test and revert.

     

    HTH

     

    • SL's avatar
      SL
      Icon for Cirrus rankCirrus
      May 14, 2018

      Hi

       

      Adding the http profile not making a difference, it should be able work without the http profile.

       

      SL

       

  • murali_125469's avatar
    murali_125469
    Icon for Nimbostratus rankNimbostratus
    May 14, 2018

    can you post the tcpdump output that was taken while you were connecting to the VIP ?

     

  • SL's avatar
    SL
    Icon for Cirrus rankCirrus
    May 14, 2018

    Hi

     

    Found the issue, I have multiple SelfIPs and routes configured.

     

    For some reason I had to delete the SelfIPs from one of the other VLANs and it started working. It appears thus for some reason it wasnt using the gateway that i specified in the Route and with the other SelfIPs deleted it is working.

     

    • Adeyinka's avatar
      Adeyinka
      Icon for Nimbostratus rankNimbostratus
      Oct 12, 2023

      Please what do you mean by this? I am having the same issue when I try to Curl my VS with same command.

      How many Routes, Self IPs, do you have configured now that made it work? What are the configurations on them?