When I try to SSH from an "off-net" host, from the BIG-IP:
tcpdump -i 0.0 -s0 host 172.21.101.71 (this is the IP of the off-net client/host = FC-RODNS01)
15:59:51.130145 IP fc-rodns01.corp.domain.com.57417 > buildel564.corp.domain.com.ssh: Flags [S], seq 2672739120, win 14600, options [mss 1460,sackOK,TS val 3568921727 ecr 0,nop,wscale 7], length 0
15:59:52.129598 IP fc-rodns01.corp.domain.com.57417 > buildel564.corp.domain.com.ssh: Flags [S], seq 2672739120, win 14600, options [mss 1460,sackOK,TS val 3568922727 ecr 0,nop,wscale 7], length 0
...
So, the BIG-IP is seeing the request.
At the same time, I have a tcpdump running on the client (172.21.101.71/fc-rodns01):
$ tcpdump host 172.26.100.223 (the IP of the server behind the BIG-IP = buildel564):
15:59:51.130145 IP fc-rodns01.corp.domain.com.57417 > buildel564.corp.domain.com.ssh: Flags [S], seq 2672739120, win 14600, options [mss 1460,sackOK,TS val 3568921727 ecr 0,nop,wscale 7], length 0
15:59:52.129598 IP fc-rodns01.corp.domain.com.57417 > buildel564.corp.domain.com.ssh: Flags [S], seq 2672739120, win 14600, options [mss 1460,sackOK,TS val 3568922727 ecr 0,nop,wscale 7], length 0
...
So, the off-net client seems to be ACKing requests from the server behind the F5. But, I'm not seeing anything else.
Thanks,
Josh