Forum Discussion
User access to servers
MustphaBassim,
Do you use a certificate on the backend servers "8080 and 8090"?
If not, you need to remove the server SSL certificate ("ssl server profile").
Do it and send your feedback.
It is still the same 😞
- Nov 14, 2022
MustphaBassim,
Issue this command on the CLI, in tmsh:
(tmos)# show sys connections cs-server-addr 100.68.0.8
Run this command while accessing this virtual server.
You should see the active connection from your device IP, so get your IP first from your Windows cmd and send the results.
- Nov 14, 2022
Please send the error that appeared when trying to access this Virtual server.
- MustphaBassim Nov 14, 2022
Cirrus
Hello dear,
thanks for the reply
- Nov 15, 2022
Hi MustphaBassim,
Have you issued this command "show sys connections cs-server-addr 100.68.0.8" while accessing your virtual server? I mean at the same time.
If you did that, there is an issue between you as a client and F5.
> Issue this command at the bash prompt:
# curl -v "Pool_member_ip":Port_number
If you got data from the server, then there is no issue between F5 and the servers "Pool_members".
> Maybe it is a DNS resolution problem, so try this procedure as a test:
Go to the hosts file on your PC: "C partition > windows > system 32 > drivers > etc > hosts file"
Add this record with any text editor:
100.68.0.8 fm.tabadul.iq
After that, make sure that your hostname FQDN "fm.tabadul.iq" resolves to 100.68.0.8.
Test browsing this URL again from an incognito window.
If it works for you, exclude F5 from the issue and check your DNS configuration.
Delete the newly added record from the hosts file.
> Last thing, the network connectivity between your PC and the F5 virtual server "100.68.0.8":
- Execute a #ping 100.68.0.8 on your Windows to test your reachability between you and F5.
Tell me after finishing.
Waiting for your feedback.
- MustphaBassim Nov 15, 2022
Cirrus
hello dear
This is the reply of curl. I checked the ping, it's working, and for DNS, as I see, the DNS server is able to translate fm.tabadul.iq to the IP of the virtual server that is set in F5.
- Nov 15, 2022
Have you tried to access the pool members directly, without F5?
You should reach it.
> Do you use a certificate on the servers?
- MustphaBassim Nov 15, 2022
Cirrus
From my PC I do not have access to it as web, but ping I am able to do.
- MustphaBassim Nov 15, 2022
Cirrus
Yes, the server has its own self-signed certificate.
- Nov 15, 2022
Okay,
> Put a server SSL profile in the "100.68.0.8" virtual server.
If still not working,
> you will take a packet capture:
tcpdump -nnnveti 0.0:nnnp host "your_PC_IP_address" -s0 -S -w /var/tmp/name_of_the_file.pcap
> Do not forget to put your IP address in this field "your_PC_IP_address", not the virtual server's, in this tcpdump command.
> After this command we can see the connections from your PC to F5 and from F5 to the backend servers, and the return path as well.
First take it; when it is done and you have captured this traffic, notify me and I will send some filters in Wireshark to view this behavior.
Regards
- MustphaBassim Nov 15, 2022
Cirrus
here it is the file for wireshark
https://mega.nz/file/ozI3laAQ#4aMeivOXWIXNT7YW51qe-LclSt-0lm4YSvA1x6xPQ6s
- Nov 15, 2022
Very well,
No issues from your PC and F5. F5 takes your traffic and directs it to "100.66.0.8", and it uses one of the SNAT pool IPs, "100.68.0.117".
> The issue is between F5 and server "100.66.0.8": F5 sends the traffic to it on port 443, not 7134 as configured on your server, so server "100.66.0.8" resets these connections because it does not have a 443 "https" service on it and it uses 7134. Even if you assign a self-signed certificate on the server, it listens on port 7134.
> Please send a snapshot of the "100.66.0.8" pool member configuration; something is wrong with it.
Check it and tell me.
- MustphaBassim Nov 15, 2022
Cirrus
here they are
- Nov 15, 2022
Very well,
Change "service port 0" to your needed port, "7134".
This is mandatory in your case.
> Virtual server "100.68.0.8" listens on 443; it performs destination NAT to both pool members, "100.66.0.8" and "100.66.0.7".
But what about the port translation?
Port 443 cannot be translated to port "0"; port "0" means any.
So in this case, F5 does not perform port address translation; it transfers the traffic on port 443 as it is, without translation to port 7134.
> So the needed action is to change "0" to 7134 on both pool members.
That's why you could access it when configuring the virtual server to listen on port 7134, not 443, as you did recently.
Try it and tell me.
It will work isa.
- MustphaBassim Nov 15, 2022
Cirrus
Finally it's worked, thanks very much for your kind support.
- Nov 15, 2022
Great news MustphaBassim,
I am happy for you and for this good troubleshooting as well.
Most welcome bro 🤝
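The port behaviour that resolved this thread, as an added example (not part of the original posts and not F5 code): a small audit that reads tmsh-style configuration text and reports which port each pool member will actually receive traffic on. The configuration text is constructed for illustration, the names `vs_fm` and `pool_fm` are hypothetical, and the service-name table covers only the names used here.

```python
import re

# Service names shown in place of numeric ports; "any" is the wildcard (port 0).
SERVICE_PORTS = {"any": 0, "http": 80, "https": 443}

def to_port(token):
    """Convert a port token (number or service name) to an int."""
    return int(token) if token.isdigit() else SERVICE_PORTS[token]

def parse_config(text):
    """Return (virtual server port, {member_ip: member_port})."""
    dest = re.search(r"destination\s+\S+?:(\w+)", text)
    members = re.findall(r"^\s+(\d+\.\d+\.\d+\.\d+):(\w+)\s*\{", text, re.M)
    return to_port(dest.group(1)), {ip: to_port(p) for ip, p in members}

def audit(text, app_port):
    """Map each member to (effective destination port, matches app_port)."""
    vs_port, members = parse_config(text)
    findings = {}
    for ip, port in members.items():
        # Member port 0 means "any": the client's destination port is kept,
        # so the member receives traffic on the virtual server's port.
        effective = vs_port if port == 0 else port
        findings[ip] = (effective, effective == app_port)
    return findings

# Constructed sample in tmsh style (not captured from the poster's device).
BEFORE = """
ltm virtual vs_fm {
    destination 100.68.0.8:https
    pool pool_fm
}
ltm pool pool_fm {
    members {
        100.66.0.8:any { address 100.66.0.8 }
        100.66.0.7:any { address 100.66.0.7 }
    }
}
"""
AFTER = BEFORE.replace(":any", ":7134")  # the change recommended in the thread

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        for ip, (port, ok) in audit(cfg, app_port=7134).items():
            print(f"{label}: {ip} receives traffic on {port} "
                  f"({'OK' if ok else 'MISMATCH, server listens on 7134'})")
```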