SSL issue
Hello there,
We have an F5 LTM and a virtual server configured to a server on port 443. The topology is:
Computer --> F5 LTM --> switch --> server
When we try to connect to the server through HTTPS we see the message "Connection reset" in the browser, but if we try to connect without passing through the F5 the connection is successful. We don't have any SSL client or server profile configured.
This is the configuration on F5:
#Virtual Server
#________________________________________________________________________________
ltm virtual /Common/Server1 {
    destination /Common/10.1.5.X:443
    ip-protocol tcp
    mask 255.255.255.255
    pool /Common/Server1
    profiles {
        /Common/tcp { }
    }
    source 0.0.0.0/0
    translate-address enabled
    translate-port enabled
}
#________________________________________________________________________________
#Pools
#________________________________________________________________________________
ltm pool /Common/Server1 {
    members {
        /Common/10.1.7.X:443 {
            address 10.1.7.X
        }
    }
    monitor /Common/https_443
}
#________________________________________________________________________________
#Profiles
#________________________________________________________________________________
# -Default Profile-
ltm profile tcp tcp {
    ack-on-push enabled
    close-wait-timeout 5
    congestion-control high-speed
    deferred-accept disabled
    delayed-acks enabled
    ecn disabled
    fin-wait-timeout 5
    idle-timeout 300
    keep-alive-interval 1800
    limited-transmit enabled
    max-retrans 8
    nagle disabled
    proxy-buffer-high 49152
    proxy-buffer-low 32768
    proxy-mss disabled
    proxy-options disabled
    receive-window-size 65535
    reset-on-timeout enabled
    selective-acks enabled
    send-buffer-size 65535
    slow-start enabled
    syn-max-retrans 3
    time-wait-recycle enabled
    time-wait-timeout 2000
    timestamps enabled
}
As you can see, we don't have any SSL client or server profile, and we tried changing "translate-port" to disabled and "Source Address Translation" to auto map, but none of these worked.
We also ran a tcpdump, where we can see the TCP Reset from 10.1.7.X (tcpdump.png), and some curl (curl.png), openssl (openssl.png and openssl2.png) and telnet (telnet.png) tests.
Hope you can help us to find out what's going on.
Thank you.