Forum Discussion
Hi @iaine
I successfully enabled SSL passthrough and SNAT, but there is an issue: it works for a very short time, and after that I get the same error, ERR_CONNECTION_REFUSED, on the client. When I update the SNAT with the same configuration it works again, and after that it gives the same error. Can you please tell me what is happening here?
- Ahmed_Galal, Dec 08, 2019, Cirrostratus
Did you configure a monitor for the backend servers? I think that this might be related to an issue with one of the backend servers, because there is no configuration in SSL passthrough; you just don't configure profiles, and you configure the backend servers with port 443.
- KhubaibArshad, Dec 09, 2019, Nimbostratus
Hi Ahmed,
No, I am not using health monitors for the backend servers, because it shows that HTTPS is down, which brings my nodes down. The backend servers are configured with a redirect to HTTPS; they accept HTTPS only. When this error occurs the VIP 10.0.0.70 is also down.
- Ahmed_Galal, Dec 09, 2019, Cirrostratus
(because it shows that the HTTPs is down) If the health monitor shows that the backend server is down, that means you have an SSL communication issue between the F5 and the backend server; it might be an incompatible cipher suite. Configure the health monitor again, then take a tcpdump of the traffic between the F5 self address and the backend server.
(When this error occurs the VIP 10.0.0.70 is also down) And this is the purpose of the health monitor: to drop connections when it sees that the service is down on the backend server.
- KhubaibArshad, Dec 18, 2019, Nimbostratus
But why does it work every time I click on update?
- jaikumar_f5, Dec 09, 2019, MVP
Are you saying that you have not applied any monitor for your pool members? Please share your existing setup, masking the important details.
tmsh list ltm virtual <virtual name>
tmsh list ltm pool <pool name>
- KhubaibArshad, Dec 18, 2019, Nimbostratus
root@f5-35(Active)(tmos)# list ltm virtual vns-portal-vip
ltm virtual vns-portal-vip {
    destination 10.10.10.70:any
    ip-protocol tcp
    mask 255.255.255.255
    pool VNS-Portal-Pool
    profiles {
        fastL4 { }
    }
    snatpool vns-snat-pool
    translate-port disabled
}
root@f5-35(Active)(tmos)# list ltm pool VNS-Portal-Pool
ltm pool VNS-Portal-Pool {
    members {
        10.10.10.71:smtp {
            session monitor-enabled
        }
        10.10.10.71:domain {
            session monitor-enabled
        }
        10.10.10.71:http {
            session monitor-enabled
        }
        10.10.10.71:https {
            session monitor-enabled
        }
        10.10.10.71:smtps {
            session monitor-enabled
        }
        10.10.10.71:submission {
            session monitor-enabled
        }
        10.10.10.72:smtp {
            session monitor-enabled
        }
        10.10.10.72:domain {
            session monitor-enabled
        }
        10.10.10.72:http {
            session monitor-enabled
        }
        10.10.10.72:https {
            session monitor-enabled
        }
        10.10.10.72:smtps {
            session monitor-enabled
        }
        10.10.10.72:submission {
            session monitor-enabled
        }
        10.10.10.73:smtp {
            session monitor-enabled
        }
        10.10.10.73:domain {
            session monitor-enabled
        }
        10.10.10.73:http {
            session monitor-enabled
        }
        10.10.10.73:https {
            monitor none
        }
        10.10.10.73:smtps {
            session monitor-enabled
        }
        10.10.10.73:submission {
            session monitor-enabled
        }
    }
    monitor tcp and https_443
}
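
Added example, not part of the thread and not F5 code: a small probe that separates "TCP port does not answer" from "TCP answers but the TLS handshake fails", the distinction behind the suggestion above that a failing HTTPS monitor points to an SSL problem such as an incompatible cipher suite. The names `probe` and `start_plaintext_backend` are hypothetical, and the local listener is a constructed stand-in for a backend.

```python
import socket
import ssl
import threading


def probe(host, port, timeout=3.0):
    """Return (stage, detail); stage is 'tcp_failed', 'tls_failed' or 'tls_ok'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # refused, unreachable or timed out
        return ("tcp_failed", str(exc))
    ctx = ssl.create_default_context()
    # Certificate checks are off on purpose: this probe only answers
    # "can a TLS session be negotiated", not "is the certificate trusted".
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw) as tls:  # the handshake happens here
            return ("tls_ok", f"{tls.version()} {tls.cipher()[0]}")
    except (ssl.SSLError, OSError) as exc:  # no shared cipher/version, reset, timeout
        raw.close()
        return ("tls_failed", str(exc))


def start_plaintext_backend():
    """Constructed stand-in: accepts TCP on 127.0.0.1 but never speaks TLS."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            conn.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = start_plaintext_backend()
    print(probe("127.0.0.1", port))  # TCP answers, TLS does not
```

Run against each backend on port 443 from a host on the same network as the F5 self address, a `tls_failed` result with a `tcp` check still passing matches the symptom described in the thread.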