Forum Discussion
Brad_Parker
Mar 25, 2015Cirrus
You are seeing a TCP handshake failure server side? Is SSL involved at all? What iRules are you using?
- Brad_146558Mar 25, 2015NimbostratusRight now we've taken all iRules out of the equation for testing purposes. SSL is involved, we are using a certificate/key/ca packaged up in PKCS 12 format. The only other thing noteworthy about the certificate is it is a UCC/Multiname certificate. Also we are encrypting the conversation from end to end, so on the client side of the conversation as well as the server side.
- Brad_ParkerMar 25, 2015CirrusAre you getting SSL handshake failures or TCP handshake failures on the server side?
- Brad_146558Mar 25, 2015NimbostratusTCP, we are also seeing a lot of duplicate ACKs from the server which just makes the situation that much more confusing. I'm leaning a little more towards this being an issue with the server itself but it is odd that we are only seeing the TCP issues when the server is communicating with the F5.
- Warrren_194260Mar 26, 2015NimbostratusWe are having similar issues with the F5 device too. We see our traffic (MVC-API) from the mobile device hit our IIS server. But it looks like F5 does not know what to do with the return message.. We have been at this for weeks and there seems to be no resolution insight.
- Brad_ParkerMar 26, 2015CirrusIs the BigIP your default gateway or are you using SNAT?
- Warrren_194260Mar 26, 2015NimbostratusWe are using it as a SNAT, not as a gateway.
- Warrren_194260Mar 26, 2015NimbostratusCould this be a SSL 3.0 issue?
- Brad_ParkerMar 28, 2015CirrusWhat version of BIGIP are you running? Do you packet captures show a SSL handshake failure?