An LTM device has a virtual server configured as a Performance Layer 4 virtual listening on 0.0.0.0:0 to
perform routing of packets to an upstream router. The client machine at IP address 192.168.0.4 is
attempting to contact a host upstream of the LTM device on IP address 10.0.0.99.
The network flow is asymmetrical, and the following TCP capture displays:
# tcpdump -nnni 0.0 ‘host 192.168.0.4 and host 10.0.0.99’
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 96 bytes
05:07:55.499954 IP 192.168.0.4.35345 > 10.0.0.99.443: S 3205656213:3205656213(0) ack 3267995082
win 1480
05:07:55.499983 IP 10.0.0.99.443 > 192.168.0.4.35345: R 1:1(0) ack 1 win 0
05:07:56.499960 IP 192.168.0.4.35345 > 10.0.0.99.443: S 3205656213:3205656213(0) ack 3267995082
win 1480
05:07:56.499990 IP 10.0.0.99.443 > 192.168.0.4.35345: R 1:1(0) ack 1 win 0 4 packets captured
Which option within the fastL4 profile needs to be enabled by the LTM Specialist to prevent the LTM device
from rejecting the flow?

A virtual server for a set of web services is constructed on an LTM device. The LTM Specialist has created
an iRule and applied this iRule to the virtual server:when HTTP_REQUEST {
switch [HTTP::uri] {
“/ws1/ws.jsp” {
log local0. “[HTTP::uri]-Redirected to JSP Pool”
pool JSP
}
default { log local0. “[HTTP::uri]-Redirected to Non-JSP Pool”
pool NonJSP
}
}}
However, the iRule is NOT behaving as expected. Below is a snapshot of the log:
/WS1/ws.jsp-Redirected to JSP Pool
/WS1/ws.jsp-Redirected to JSP Pool
/WS1/ws.jsp-Redirected to JSP Pool
/WS1/WS.jsp-Redirected to Non-JSP Pool
/ws1/WS.jsp-Redirected to Non-JSP Pool
/WS1/ws.jsp-Redirected to JSP Pool
/ws1/ws.jsp-Redirected to Non-JSP Pool
What should the LTM Specialist do to resolve this?

An LTM Specialist has a OneConnect profile and HTTP profile configured on a virtual server to load
balance an HTTP application.
The following HTTP headers are seen in a network trace when a client connects to the virtual server:
Clientside:
GET / HTTP/1.1
Host: 192.168.136.100
User-Agent: Mozilla/5.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-EncodinG. gzip, deflate
Connection: keep-alive
Serverside:
HTTP/1.1 200 OK
DatE. 5 Jun 1989 17:06:55 GMT
Server: Apache/2.2.14 (Ubuntu)
Vary: Accept-Encoding
Content-EncodinG. gzip
Content-LengtH. 3729
X-Cnection: close
Content-TypE. text/html
The LTM Specialist notices the OneConnect feature is working incorrectly.
Why is OneConnect functioning incorrectly?

Given a tcpdump on an LTM device from both sides of a connection on the External and Internal VLANs,
how should an LTM Specialist determine if SNAT is enabled for a particular pool?

An LTM Specialist is tasked with ensuring that the syslogs for the LTM device are sent to a remote syslog
server.
The following is an extract from the config file detailing the node and monitor that the LTM device is using
for the
remote syslog server:
monitor
Syslog_15002 {
defaults from udp
dest *:15002
}
node 91.223.45.231 {
monitor Syslog_15002
screen RemoteSYSLOG
}
There seem to be problems communicating with the remote syslog server. However, the pool monitor
shows that the remote server is up.
The network department has confirmed that there are no firewall rules or networking issues preventing the
LTM device from
communicating with the syslog server. The department responsible for the remote syslog server indicates
that there may
be problems with the syslog server. The LTM Specialist checks the BIG-IP LTM logs for errors relating to
the remote syslog
server. None are found. The LTM Specialist does a tcpdump:
tcpdump -nn port 15002, with the following results:
21:28:36.395543 IP 192.168.100.100.44772 > 91.223.45.231.15002: UDP, length 19
21:28:36.429073 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 169
21:28:36.430714 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 181
21:28:36.840524 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 169
21:28:36.846547 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 181
21:28:39.886343 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 144
NotE. 192.168.100.100 is the self IP of the LTM device.
Why are there no errors for the remote syslog server in the log files?

A virtual server for a set of web services is constructed on an LTM device. The LTM Specialist has created
an iRule and applied this iRule to the virtual server:
when HTTP_REQUEST {
switch [HTTP::uri] {
“/WS1/ws.jsp” {
log local0. “[HTTP::uri]-Redirected to JSP Pool”
pool JSP
}
default { log local0. “[HTTP::uri]-Redirected to Non-JSP Pool”
pool NonJSP
}
}}
However, the iRule is NOT behaving as expected. Below is a snapshot of the log:
/WS1/ws.jsp-Redirected to JSP Pool
/WS1/ws.jsp-Redirected to JSP Pool
/WS1/ws.jsp-Redirected to JSP Pool
/WS1/WS.jsp-Redirected to Non-JSP Pool
/ws1/WS.jsp-Redirected to Non-JSP Pool
/WS1/ws.jsp-Redirected to JSP Pool
/ws1/ws.jsp-Redirected to Non-JSP Pool
What is the problem?

An LTM Specialist sees these entries in /var/log/ltm:
Oct 25 03:34:31 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see
RFC5746) aborteD. 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see
RFC5746) aborteD. 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see
RFC5746) aborteD. 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see
RFC5746) aborteD. 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see
RFC5746) aborteD. 172.16.20.1:443
Oct 25 03:34:33 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see
RFC5746) aborteD. 172.16.20.1:443
Assume 172.16.20.0/24 is attached to the VLAN “internal.”
What should the LTM Specialist use to troubleshoot this issue?

An application is configured on an LTM device:
Virtual server: 10.0.0.1:80 (VLAN vlan301)
SNAT IP: 10.0.0.1
Pool members: 10.0.1.1:8080, 10.0.1.2:8080, 10.0.1.3:8080 (VLAN vlan302)
Which packet capture should the LTM Specialist perform on the LTM device command line interface to
capture only server traffic specifically for this application?

An LTM Specialist is troubleshooting virtual server 10.0.0.1:443 residing on VLAN vlan301. The web
application is accessed via www.example.com. The LTM Specialist wants to save a packet capture with
complete decrypted payload for external analysis.
Which command should the LTM Specialist execute on the LTM device command line interface?

Given this as the first packet displayed of an ssldump:
2 2 1296947622.6313 (0.0001) S>CV3.1(74) Handshake
ServerHello
Version 3.1
random[32]=
19 21 d7 55 c1 14 65 63 54 23 62 b7 c4 30 a2 f0
b8 c4 20 06 86 ed 9c 1f 9e 46 0f 42 79 45 8a 29
session_id[32]=
c4 44 ea 86 e2 ba f5 40 4b 44 b4 c2 3a d8 b4 ad
4c dc 13 0d 6c 48 f2 70 19 c3 05 f4 06 e5 ab a9
cipherSuite TLS_RSA_WITH_RC4_128_SHA
compressionMethod NULLIn reviewing the rest of the ssldump, the application data is NOT being decrypted.
Why is ssldump failing to decrypt the application data?