strongarm_46960
Oct 05, 2010

No server hello, no pool packets

When configured using port 80, everything works fine; as soon as I switch to SSL, the pool side fails to send.

I am using automap. I used the SSL profile on the client and server side. From the tcpdump, my SSL connection reaches the virtual; however, when I sniffed the pool (443), nothing.

Somewhere after the virtual and the pool, packets are getting dumped. Any ideas? Also, changing the cert to the default self signed, no server hello is not being sent out.

OpenSSL client test on the LTM to the virtual:443 and pool:433 presents both certs fine.

What am I missing?

13 Replies

  • On the F5 box, I started tcpdump and telnet from another window. After the 3-way handshake with the pool and the certificate presented to the LTM, I do a GET request and see the PUSH within the dump.

    The backend responds with a FIN.

    In the end, a TCP RST from the backend.

    I can't see why it would be the network firewall SNAT, since the 3-way took place, the request got through, and I see the ACK from the server.
  • It turns out the problem is the firewall: port 443 was not opened. That still does not explain why I was able to see the backend-presented cert over openssl, since this would have come over the same port. Strange indeed!
  • If port 443 was open for the non-floating IPs, you'd have seen the cert presented, as your test would have used the non-floating address whereas the SNAT used the float.
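
The source-address difference described in the last reply can be checked directly by probing the pool member from each candidate source address and comparing the outcomes. The following is an added example, not part of the original thread or any F5 tooling; `probe` and `compare_sources` are hypothetical helper names, the addresses are constructed placeholders, and the script has to run on a host that owns every source address listed.

```python
import socket
import ssl

def probe(source_ip, dest_ip, dest_port, timeout=3.0):
    """TCP connect, then TLS handshake, from one specific local source address."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        try:
            sock.bind((source_ip, 0))          # force the source address
        except OSError:
            return "bind_failed"               # address is not configured on this host
        try:
            sock.connect((dest_ip, dest_port))
        except socket.timeout:
            return "tcp_timeout"               # no answer at all, often a filtering device
        except ConnectionRefusedError:
            return "tcp_refused"               # RST: host reachable, port closed or rejected
        except OSError:
            return "tcp_error"
        ctx = ssl.create_default_context()
        # Reachability check only: certificate validation is switched off on purpose,
        # never reuse this context for real traffic.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        try:
            with ctx.wrap_socket(sock):
                return "tls_ok"                # server hello and certificate received
        except (ssl.SSLError, OSError):
            return "tls_failed"                # TCP worked, handshake was cut off
    finally:
        sock.close()

def compare_sources(source_ips, dest_ip, dest_port, timeout=3.0):
    """Probe the same destination from every source address and return the results."""
    return {src: probe(src, dest_ip, dest_port, timeout) for src in source_ips}

if __name__ == "__main__":
    # Constructed placeholder addresses (documentation range), replace with real ones.
    sources = ["192.0.2.10", "192.0.2.11"]     # hypothetical non-floating and floating self IPs
    for src, result in compare_sources(sources, "192.0.2.50", 443).items():
        print(f"{src} -> 192.0.2.50:443  {result}")
```

A result of `tls_ok` from one source address and a timeout or `tls_failed` from another points at a per-source filtering rule between the two devices rather than at the SSL profiles.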