F5 Big-IP seems to send RST packet on behalf of APM client
Hello,
I have a requirement from our business where people need to be able to use some service on the internet directly.
I don't want to use a split tunnel.
The setup is as follows (IPs are examples):
- APM clients have IPs in range 10.1.1.0/24
- Big-IP has internal IP 10.1.10.10
- Big-IP has external IP 5.5.5.5
- IP that has to be reached directly on the internet 6.6.6.6
- NAT address for clients 5.5.5.6
Now, when I set this up, I see the following:
- client 10.1.1.1 tries to connect to IP address 6.6.6.6
- traffic passes through the F5
- traffic arrives at firewall, firewall NATs the traffic (10.1.1.1 --> 6.6.6.6 is translated to 5.5.5.6 --> 6.6.6.6)
- response from 6.6.6.6 arrives at firewall and is translated back (6.6.6.6 --> 5.5.5.6 is translated to 6.6.6.6 --> 10.1.1.1)
- packet arrives at F5
And there it stops...
All of the above is verified with packet captures.
The SYN-ACK packet from 6.6.6.6 --> 10.1.1.1 arrives at the F5, but never at the client.
Moreover, the F5 sends a RST-ACK message back to 6.6.6.6 with source IP 10.1.1.1.
Any idea what could be the cause of this issue?
Why doesn't the F5 send the SYN-ACK to the client? It does arrive at the F5.
Thanks.
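The symptom described in the post (SYN-ACK arrives on the external side, never appears on the client side, and a RST-ACK with the client's source IP goes back out) can be confirmed mechanically from captures taken on both sides of the BIG-IP. The script below is an added example, not code from the original post or from F5: it assumes two tcpdump captures (client/tunnel side and external side) have been merged into one text with an interface label prepended to each line, and it uses constructed sample lines in that format. It correlates each TCP flow across the two interfaces and flags flows where the SYN-ACK was seen on external only and the RST came from the middle rather than from the client (a RST that appears on the external capture but never on the tunnel capture cannot have been sent by the client).

```python
import re
from collections import defaultdict

# Constructed sample, not a real capture. Assumed line format:
#   "<iface> <time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
# "tunnel" = APM client side of the BIG-IP, "external" = side facing the firewall.
# Addresses are pre-NAT on both sides because the firewall, not the BIG-IP, does the NAT.
SAMPLE = """\
tunnel   10:00:00.000100 IP 10.1.1.1.40001 > 6.6.6.6.443: Flags [S], seq 100, win 64240, length 0
external 10:00:00.000200 IP 10.1.1.1.40001 > 6.6.6.6.443: Flags [S], seq 100, win 64240, length 0
external 10:00:00.020300 IP 6.6.6.6.443 > 10.1.1.1.40001: Flags [S.], seq 500, ack 101, win 65535, length 0
external 10:00:00.020400 IP 10.1.1.1.40001 > 6.6.6.6.443: Flags [R.], seq 101, ack 501, win 0, length 0
tunnel   10:00:01.000100 IP 10.1.1.2.40002 > 7.7.7.7.443: Flags [S], seq 200, win 64240, length 0
external 10:00:01.000200 IP 10.1.1.2.40002 > 7.7.7.7.443: Flags [S], seq 200, win 64240, length 0
external 10:00:01.020300 IP 7.7.7.7.443 > 10.1.1.2.40002: Flags [S.], seq 600, ack 201, win 65535, length 0
tunnel   10:00:01.020400 IP 7.7.7.7.443 > 10.1.1.2.40002: Flags [S.], seq 600, ack 201, win 65535, length 0
tunnel   10:00:01.020500 IP 10.1.1.2.40002 > 7.7.7.7.443: Flags [.], ack 601, win 64240, length 0
tunnel   10:00:02.000100 IP 10.1.1.3.40003 > 8.8.8.8.443: Flags [S], seq 300, win 64240, length 0
external 10:00:02.000200 IP 10.1.1.3.40003 > 8.8.8.8.443: Flags [S], seq 300, win 64240, length 0
"""

LINE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<ts>\S+)\s+IP\s+"
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s+Flags\s+\[(?P<flags>[^\]]*)\]"
)


def classify(flags):
    """Map tcpdump flag letters to the handshake events we care about."""
    if "R" in flags:
        return "RST"
    if "S" in flags:
        return "SYN-ACK" if "." in flags else "SYN"
    return "OTHER"


def parse_flows(capture):
    """Group packets by client->server 4-tuple; each event is (iface, direction, kind)."""
    flows = defaultdict(list)
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        fwd = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        rev = (fwd[2], fwd[3], fwd[0], fwd[1])
        kind = classify(m["flags"])
        if kind == "SYN":            # a SYN defines the client->server orientation
            key, direction = fwd, "c2s"
        elif rev in flows:           # reply from the server side
            key, direction = rev, "s2c"
        elif fwd in flows:           # further packets from the client side
            key, direction = fwd, "c2s"
        else:
            continue                 # packet with no SYN seen: ignore
        flows[key].append((m["iface"], direction, kind))
    return dict(flows)


def diagnose(events):
    """Classify one flow from where its SYN-ACK and RST were (not) observed."""
    seen = set(events)
    synack_ext = ("external", "s2c", "SYN-ACK") in seen
    synack_tun = ("tunnel", "s2c", "SYN-ACK") in seen
    rst_ext = ("external", "c2s", "RST") in seen
    rst_tun = ("tunnel", "c2s", "RST") in seen
    if not synack_ext:
        return "no-synack"            # server (or the NAT path) never answered
    if synack_tun:
        return "ok"                   # SYN-ACK was forwarded to the client
    if rst_ext and not rst_tun:
        return "rst-not-from-client"  # RST with client source, absent on client side
    return "dropped"                  # SYN-ACK not forwarded, no RST observed


def report(capture):
    return {key: diagnose(events) for key, events in parse_flows(capture).items()}


if __name__ == "__main__":
    for (cip, cport, sip, sport), verdict in report(SAMPLE).items():
        print(f"{cip}:{cport} -> {sip}:{sport}: {verdict}")
```

The verdict "rst-not-from-client" is exactly the post's situation: the only place the reset exists is on the external capture, so the box between the two capture points generated it. On a BIG-IP the next step is to take the capture with `tcpdump -nni 0.0:nnn ...` so each packet carries the matching flow and virtual server, and to enable `tm.rstcause.log` so the reason for each BIG-IP-generated RST is written to the log.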