I've run into an interesting problem with a TCP application.
I have a content rule setup to balance TCP traffic to two servers. This is a one-armed configuration so I am NAT/PAT'ing traffic using a source group.
When the TCP session is trying to be established, I see hits to the service itself, but not to the group with that same destination service configured.
I've run sniffer traces to look at the traffic and verified that the CSS seems to be dropping the traffic.
I tried a telnet from my PC to the virtual IP and TCP port, and that traffic seemed to route perfectly, but traffic from the devices that this configuration was meant for is being dropped.
The only difference I can see between my telnet TCP socket and the actual devices in question is that they are sending a TCP window size of zero. Could the CSS be seeing this as invalid?
When the devices are pointed directly at the server, they connect fine.
Any ideas?