Deny TCP reverse path check
I have an Internal Vlan and an External Vlan. The F5 is acting as the load balancer for virtual servers, and it is the default gateway, using a forwarding virtual server for all other traffic. In addition, I am not using SNAT. There is an ASA firewall between the Virtual IP addresses which ONLY allows traffic from the Virtual IPs to exit the DMZ.

The problem seems to be that when a session on a virtual server is torn down, the web servers are sending an "Extra" RST or FIN packet. Since the session is torn down, this extra packet goes through the forwarding virtual server as a routed packet. The problem, however, is that this packet has the destination address of the REAL CLIENT (Internet Address) and a SOURCE of the Internal Web Servers, which the Firewall has no Route to. The firewall then spits out a message "Deny TCP reverse path check" since it has no route to the WEB servers on the Internal Vlan.

This problem has been blamed on the F5, saying the sessions are not properly terminated. The real issue is the web servers are sending an extra packet for an unknown reason. The traffic is just Noise. Any thoughts?