RESET packets in Asymmetric routing Mode
We have an asymmetric routing environment where the F5 is one of the gateways of the servers; because of this we were not able to connect directly to the servers that are behind the F5. We fixed the problem using a custom FastL4 profile with Loose Initiation and Loose Close enabled, following the solution at http://support.f5.com/kb/en-us/solutions/public/13000/500/sol13558.html.
But in this scenario the F5 is not passing the RESET packet that the server sends to the client for a request to a non-listening port. Below are the captures from different interfaces of the F5, where it can be seen that server 10.212.152.126 is sending a reset on the internal VLAN interface STG-INTERNAL-APP-SERVER side, but the F5 is not sending it out to the external interface STG-INTERNAL-APP-VIP.
Any idea whether the F5 doesn't forward the reset packets when it doesn't see the original SYN, as against passing the ACK in the same scenario?
tcpdump -i STG-INTERNAL-APP-SERVER port 1835
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on STG-INTERNAL-APP-SERVER, link-type EN10MB (Ethernet), capture size 96 bytes
14:01:01.949710 IP 10.212.152.126.ardusmul > 172.26.2.100.50812: R 0:0(0) ack 1706793690 win 0
14:01:04.957670 IP 10.212.152.126.ardusmul > 172.26.2.100.50812: R 0:0(0) ack 1 win 0
14:01:10.955519 IP 10.212.152.126.ardusmul > 172.26.2.100.50812: R 0:0(0) ack 1 win 0

tcpdump -i STG-INTERNAL-APP-VIP port 1835
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on STG-INTERNAL-APP-VIP, link-type EN10MB (Ethernet), capture size 96 bytes