CSS flow-reset-reject
12-28-2004 05:49 AM
Hi all.
We're experiencing a problem with the flow-reset-reject feature on an 11500 series CSS with WebNS 7.10 installed. I cannot see any TCP RST packet on my client even if I enabled this feature on a content rule.
Labels: Application Networking
12-28-2004 06:05 AM
Hi,
Can you still 'ping' the server when the service is down? Note that the TCP RST is only sent if the ARP entry for the server goes away.
Reference:
~Zach
12-28-2004 07:44 AM
Hi Zach,
I configured a test HTTP content rule with only one HTTP service with an ICMP keepalive. The server is down. No entry in the ARP table, but the TCP RST is missing.
Thanks,
Max.
12-28-2004 08:51 AM
Max,
Are you not seeing the RST for new connections, or on existing connections?
Can you post the output from (for the rule/service you are testing):
show rule
show service
Thanks,
Zach
12-29-2004 12:41 AM
Sure,
here is the rule:
L11RM2B003# sho rule CAW FLOW_RESET all
Name: FLOW_RESET Owner: CAW
State: Active Type: HTTP
Balance: Round Robin Failover: N/A
Persistence: Enabled Param-Bypass: Disabled
Session Redundancy: Disabled
IP Redundancy: Not Redundant
L3: 10.198.226.5
L4: TCP/80
Url:
Redirect: ""
TCP RST client if service unreachable: Enabled
Rule Header Field Information
header-field-rule has not been configured for this rule.
Rule Counters:
Total Bytes: 0 Total Frames: 0
Total Redirects: 0 Total Rejects: 11
Overload Rejects: 0
Balance: Round Robin
Advanced Balance: None
Sticky Mask: 255.255.255.255
Sticky Inactivity timeout: 0 minutes
Sticky No Cookie Found Action: Balance
Sticky Server Down Failover: Balance
ArrowPoint Cookie Path: /
ArrowPoint Cookie Expiration: Browser Exit
ArrowPoint Cookie CSS Expired
ArrowPoint Cookie Service: Keep Current
String Match Criteria:
String Range: 1 - 100
String Prefix: ""
String Eos-Char: "" String Ascii-Conversion: Enabled
String Skip-Len: 0 String Process-Len: 0
String Operation: Match-Service-Cookie
Rule Services:
Local Load Threshold: 254
PrimarySorryServer: None
SecondSorryServer: None
VIP Ping Response Decision: Local Services Only
Name:           Hits:  Wgt:  State:  Ld:  KAlive:  Conn:  DNS:
--------------  -----  ----  ------  ---  -------  -----  ----
PROVA_BCKEND_1  0      S-1   Down    255  ICMP     0      0
Rule DNS Information
DNS Balance: roundrobin
DNS Names: DNS TTL:
Rule Hotlist Information
Hotlist: Disabled
Size: 10, Type: HitCount, Threshold 0, Interval 1
Associated ACLs: NONE
Here is the service:
L11RM2B003# sho service PROVA_BCKEND_1
Name: PROVA_BCKEND_1 Index: 40
Type: Local State: Down
Rule ( 10.199.3.10 TCP 8080 )
Session Redundancy: Disabled
Redirect Domain:
Redirect String:
Keepalive: (ICMP 5 3 5 )
Last Clearing of Stats Counters: 10/11/2004 11:04:38
Mtu: 1500 State Transitions: 0
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 255
DFP: Disable
The problem is I can't see any RST packet when I try to connect to this VIP.
Thank you,
Max.
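To audit a rule like the one posted above without reading the output by eye, here is a small parser for the 'show rule ... all' text. It is an added example, not code from the thread or from Cisco; the excerpt it parses is constructed from the posted output, and the field names it emits (vip, reset_new_client, and so on) are my own labels, not CSS terminology. It reports the facts the thread turns on: whether "TCP RST client if service unreachable" is enabled, whether the rule has a Url (a layer-5 rule) or is layer-4 only, and which services are Down.

```python
import re

# Constructed excerpt of the 'sho rule CAW FLOW_RESET all' output posted in the thread.
SHOW_RULE = """\
Name: FLOW_RESET Owner: CAW
State: Active Type: HTTP
L3: 10.198.226.5
L4: TCP/80
Url:
Redirect: ""
TCP RST client if service unreachable: Enabled
Rule Services:
Local Load Threshold: 254
Name: Hits: Wgt: State: Ld: KAlive: Conn: DNS:
----- ----- ----- ------ --- ------- ----- ----
PROVA_BCKEND_1
0 S-1 Down 255 ICMP 0 0
Rule DNS Information
DNS Balance: roundrobin
"""

# Column order of the 'Rule Services' table as printed by the CSS.
SERVICE_FIELDS = ("name", "hits", "wgt", "state", "ld", "kalive", "conn", "dns")


def parse_show_rule(text):
    """Extract the rule header fields and the service table from 'show rule' output."""
    lines = [ln.strip() for ln in text.splitlines()]
    rule = {"name": None, "owner": None, "state": None, "type": None,
            "vip": None, "l4": None, "url": "", "reset_new_client": None,
            "services": []}
    header_patterns = {
        re.compile(r"^Name:\s+(\S+)\s+Owner:\s+(\S+)$"): ("name", "owner"),
        re.compile(r"^State:\s+(\S+)\s+Type:\s+(\S+)$"): ("state", "type"),
        re.compile(r"^L3:\s+(\S+)$"): ("vip",),
        re.compile(r"^L4:\s+(\S+)$"): ("l4",),
    }
    in_table = False
    tokens = []
    for ln in lines:
        if in_table:
            # The service table ends at the next section heading; the CSS may wrap a
            # service's name onto its own line, so collect tokens and regroup below.
            if ln.startswith("Rule DNS Information") or not ln:
                in_table = False
                continue
            tokens.extend(ln.split())
            continue
        if ln.startswith("-----"):
            in_table = True
            continue
        m = re.match(r"^Url:\s*(.*)$", ln)
        if m:
            rule["url"] = m.group(1).strip().strip('"')
            continue
        m = re.match(r"^TCP RST client if service unreachable:\s+(\S+)$", ln)
        if m:
            rule["reset_new_client"] = (m.group(1) == "Enabled")
            continue
        for pat, keys in header_patterns.items():
            m = pat.match(ln)
            if m:
                rule.update(zip(keys, m.groups()))
                break
    # Every service record is exactly len(SERVICE_FIELDS) tokens, however it was wrapped.
    width = len(SERVICE_FIELDS)
    for i in range(0, len(tokens) - width + 1, width):
        rule["services"].append(dict(zip(SERVICE_FIELDS, tokens[i:i + width])))
    return rule


def summarize(rule):
    """Boil a parsed rule down to the points discussed in the thread."""
    down = [s["name"] for s in rule["services"] if s["state"] == "Down"]
    return {
        "rule": rule["name"],
        "vip": rule["vip"],
        "l4": rule["l4"],
        "reset_new_client": rule["reset_new_client"],
        "layer5_rule": bool(rule["url"]),   # empty Url means a layer-4 only rule
        "services_down": down,
        "all_services_down": bool(rule["services"]) and len(down) == len(rule["services"]),
    }


if __name__ == "__main__":
    for k, v in summarize(parse_show_rule(SHOW_RULE)).items():
        print(f"{k}: {v}")
```

Run over the posted output this prints a layer-4 rule (layer5_rule: False) with the reset option enabled and its only service Down, which is exactly the combination the later replies explain. Feed it the output of several rules to find the ones still relying on the option without a Url.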
12-29-2004 05:46 AM
What you need is this
This is a new feature in 7.40
The flow-reset-reject function is for active flows.
What you want is a RESET for a new connection.
Regards,
Gilles.
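Gilles' distinction between resetting active flows and resetting a new connection is something you can observe from the client side without a sniffer: a SYN answered with RST fails immediately with "connection refused", while a SYN that is silently dropped only times out. The probe below classifies that outcome. It is an added example, not from the thread or from Cisco; the result labels (open, reset, timeout, unreachable) are my own, and demo_local() uses a loopback listener as a stand-in for the VIP so it runs offline.

```python
import errno
import socket


def probe_tcp(host, port, timeout=2.0):
    """Attempt one TCP handshake and classify how the far end answered the SYN."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"            # SYN/ACK came back: a service (or VIP) accepted
    except ConnectionRefusedError:
        return "reset"           # RST came back: the client learns at once
    except socket.timeout:
        return "timeout"         # nothing came back: the SYN was dropped
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"  # no route / ARP failure before any TCP answer
        raise
    finally:
        s.close()


def demo_local():
    """Stand-in for the VIP: probe a loopback port while a listener is up, then after it closes."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_up = probe_tcp("127.0.0.1", port, timeout=1.0)
    listener.close()
    after_close = probe_tcp("127.0.0.1", port, timeout=1.0)
    return while_up, after_close


if __name__ == "__main__":
    up, down = demo_local()
    print(f"listener up: {up}; listener gone: {down}")
    # Against a real VIP: probe_tcp("10.198.226.5", 80) after taking the service down.
```

Against a real content rule, run probe_tcp against the VIP with the service down: "reset" means the new-connection reset is working, "timeout" matches what Max saw on 7.10 with a layer-4 rule.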
12-29-2004 08:05 AM
That's what I was looking for, thanks.
Anyway, I found another solution, adding a
url "/*"
to the content rule configuration. Maybe with the new feature we can obtain a RST packet for L4 content too.
Thanks to everybody.
Max.
