28-Apr-2020 01:30
Hi All,
I am trying to validate the VIP, which is failing in the browser stating that "connection reset",
The server that is mapped to the pool is green via the health check, i can use curl -vk https://<serverip>/state.txt --> it gives the right response,
If i do the same with the vip, i get the following error, curl -vk https://<VIPip>/state.txt --> Below error
> GET /state.txt HTTP/1.1
> Host: xxxxxxxxxxxxxxx
> User-Agent: curl/7.47.1
> Accept: */*
>
* SSL read: error:00000000:lib(0):func(0):reason(0), errno 104
* Closing connection 0
curl: (56) SSL read: error:00000000:lib(0):func(0):reason(0), errno 104
The server is local to the F5, directly connected,
Please let me know if there are any thoughts on this problem.
28-Apr-2020 02:31
Hi Lidev,
The Irule used on the vip is a standard rule which is used in 1000's of other vip's with no issues,
Do you see any other problem?
28-Apr-2020 02:36
It's hard to say without more details about the virtual server and monitoring configuration.
I'll still test without the iRule to see if you can reproduce the issue 😉
28-Apr-2020 03:02
Removing Irule didn't help, anyway, thanks for looking into this 🙂
28-Apr-2020 02:59
Hi Samir,
Serverssl is applied, SNAT is not required as server is local to the F5, thank you.
28-Apr-2020 03:38
Is it working?
28-Apr-2020 08:36
Are you able to ping the VIP?
28-Apr-2020 09:00
Yes, i do
28-Apr-2020 09:07
Is this a production environment with real certificate/key attached to client SSL profile or you're just testing it with default Client SSL profile? Do you have a client SSL Profile attached to the VIP? If so, disable "Generic Alert" option and you can follow the steps in this article to decrypt TLS traffic: https://devcentral.f5.com/s/articles/Decrypting-TLS-traffic-on-BIG-IP
10-Jul-2020 13:13
Any findings? Having the same issue.