Brian As I said you can reproduce this with stunnel "client = no" , telnet to "accept" port and tcpdump. As soon as you hit ^] and type "q" to close connection you will see "RST" coming from stunnel. I understand that tcp/ip is not part of stunnel. Theres got to be some way to close() socket and have OS send RST. Its very old BigIP version 3.3.1 ===== bigip.conf ===== pool appgen_1.1.1.69.8843 { lb_method least_conn member 2.2.2.140:8843 ratio 1 priority 1 member 2.2.2.150:8843 ratio 1 priority 1 } pool appgen_1.1.1.69.8844 { lb_method least_conn member 2.2.2.140:8844 ratio 1 priority 1 member 2.2.2.150:8844 ratio 1 priority 1 } vip 1.1.1.69:8843 unit 1 { netmask 255.255.255.0 broadcast 1.1.1.255 use pool appgen_1.1.1.69.8843 } vip 1.1.1.69:8844 unit 1 { netmask 255.255.255.0 broadcast 1.1.1.255 use pool appgen_1.1.1.69.8844 } =========== stunnel.conf ============ setuid = nobody setgid = nogroup CApath = /usr/local/etc/stunnel/certs cert = /usr/local/etc/stunnel/cacert.pem key = /usr/local/etc/stunnel/privkey-nopass.pem debug = 2 output = /var/log/stunnel.log client = no verify = 1 delay = yes [something1] accept = 8843 connect = 127.0.0.1:11111 TIMEOUTclose = 0 [something2] accept = 8844 connect = 127.0.0.1:22222 TIMEOUTclose = 0