NN
Jul 19, 2023

Getting TCP Reset-0 from server when routing HTTPS traffic via F5

We would like to place the working public URL behind the F5. The current connection works similarly to a firewall NATing a public IP address to a private one before sending it to the server. We placed the F5 between the server and the firewall. On the firewall, a new route has been added, and on the F5 we have a new VIP and pool. Both the VIP and the pool are active. However, we are unable to hit the page; it says "ERR_CONNECTION_RESET". The logs indicate that the connection from the F5 NAT IP to the server was broken down using a TCP connection with a duration of 0:00:00 bytes 1697 TCP Reset-O from the F5_Interface.

I added the port 443 as the pool monitor, and the logs indicate that the monitor connection teardown was successful. I also attempted to telnet using port 443 to this public IP address, and that also worked. Please, if anyone can help me with this.

 

  • NN
    Jul 20, 2023

    Paulius, thanks for jumping on this. I have found the issue.

    The server was sending the certificate rather than F5, so we needed to set our HTTP profile on F5 to none.

  • NN, if you can, please provide your topology for what you have described above, the F5 configuration for the Virtual Server (VS), and anything configured in it. The configuration for the VS should include any profiles such as TCP or SSL profiles, the pool configuration, and any iRules or traffic policies that you might have configured. My best guess currently is that the F5 is not the gateway for the servers you are balancing to, so you most likely have to turn on SNAT, but that's just a guess without knowing your topology or the F5 configuration.
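
The mismatch behind the fix reported in this thread (the server, not the F5, terminates TLS, so an HTTP profile on the virtual server is handed ciphertext), shown as an added example that is not part of the original posts. The profile names, finding codes and sample bytes are constructed for illustration, and the check is a simplified model, not F5 code:

```python
# Added illustration: classify the first bytes a client sends and flag
# virtual-server profile sets that cannot handle them. Simplified model.
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"CONNECT ")

def classify_first_bytes(data: bytes) -> str:
    """Return 'http', 'tls-client-hello', 'tls-record', 'incomplete' or 'unknown'."""
    if data.startswith(HTTP_METHODS):
        return "http"
    if len(data) < 5:
        return "incomplete"
    # TLS record header: content type (1), version (2), length (2)
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype not in (20, 21, 22, 23) or major != 3 or minor > 4:
        return "unknown"
    if length > 16384 + 2048:          # larger than any legal TLS record
        return "unknown"
    if ctype == 22 and len(data) > 5 and data[5] == 1:
        return "tls-client-hello"      # handshake record, msg type 1
    return "tls-record"

def check_virtual_server(profiles: set, first_bytes: bytes) -> list:
    """Return finding codes (hypothetical names) for profile/traffic mismatches."""
    kind = classify_first_bytes(first_bytes)
    findings = []
    if "http" in profiles and "clientssl" not in profiles and kind.startswith("tls"):
        # Nothing decrypts on the F5, so the HTTP profile is asked to parse
        # ciphertext; either remove it (passthrough) or terminate TLS first.
        findings.append("HTTP_PROFILE_ON_TLS_PASSTHROUGH")
    if "clientssl" in profiles and kind == "http":
        findings.append("PLAINTEXT_TO_CLIENTSSL")
    return findings

# Constructed sample: start of a TLS handshake record (truncated ClientHello).
SAMPLE_CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for name, profiles in [("before fix", {"tcp", "http"}), ("after fix", {"tcp"})]:
        print(name, check_virtual_server(profiles, SAMPLE_CLIENT_HELLO))
```
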
