Forum Discussion
Alexey_384
Historic F5 Account
Log shows that you can't pass an access policy. There are a lot of possible misconfigurations, but the common one is an untrusted server certificate. Have you add the CA cert in a cert store? If not you should set it or use an option to ignore the server certificate.
Alexey_384
Feb 28, 2014Historic F5 Account
I would do following:
Check BIG-IP logs to determine on what exact step connection is closed.
Using tcpdump determine who closes connection big-ip or client.
If client.. I'd check all options again. The only issue with establishing connection I faced is an untrusted certificate.
If server then: is connection closed during access policy execution or network access establishing? Shouldn't be NA, because browser works.
Is access policy configured with the client side checkers? As I remember Linux CLI doesn't support them. Also, login can be allowed for the browsers only. And logon page customisation also may break authentication.
BIG-IP can drop connection before access policy execution in case of wrong (absent) client's certificate (depends on client's ssl profile).