@tahmor could you please make sure that ESP UDP:4500 port is not blocked from the F5 to the external interfaces on the PSA cluster, and make sure that you disabled the SPI lookup to maintain an ESP connection.

"In BIG-IP 11.0.0, additional Traffic Management Microkernel (TMM) handling of IPsec traffic was introduced with the ability of the BIG-IP system to terminate an IPsec connection as an IPsec SA endpoint. When processing an IPsec connection, TMM uses the IPsec ESP Security Parameter Index (SPI) in the connection flow hash to uniquely identify the connection. If you pass IPsec ESP traffic through an IP forwarding or FastL4 virtual server, because the SPI is not symmetric, it will likely not be the same from client to server as from server to client. When forwarding IPsec ESP traffic through an IP forwarding virtual server, if the SPI in the server to client response packet has changed, TMM will not identify the response as matching an existing traffic flow and drop the packet. To pass the IPsec ESP reply traffic, you must disable the BIG-IP system from using the SPI to identify the connection flow. The ipsec.lookupspi database variable added in BIG-IP 11.2.0 allows you to disable the BIG-IP system from using the SPI to identify the connection flow."

For more info, kindly find the article below: https://support.f5.com/csp/article/K14169
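The quoted K14169 text describes a flow-table mechanism: an IPsec SA is unidirectional, so the client-to-server SA and the server-to-client SA each carry their own SPI, and a forwarding flow key that includes the SPI can never match the reply. The following is an added illustration of that mechanism (not F5's or TMM's code, and not from the post): a toy per-direction flow table, once keyed on (src, dst, spi) and once on (src, dst) only, fed a constructed ESP exchange with a different SPI in each direction. The addresses and SPI values are made-up sample data.

```python
"""Toy model of why forwarding ESP through a flow table keyed on the SPI drops replies.

Added example, not F5/TMM code. The two-tuple vs. three-tuple flow key stands in for
the behaviour the ipsec.lookupspi variable toggles; real TMM flow keys carry more
fields (protocol, VLAN, ports), which this model deliberately omits.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class EspPacket:
    """The fields of an ESP packet that matter for flow lookup (constructed sample)."""
    src: str
    dst: str
    spi: int  # Security Parameter Index from the ESP header; one per SA, per direction


class FlowTable:
    """Per-direction connection-flow table: the first client packet installs both
    the forward and the reverse entry; later packets must hit an existing entry."""

    def __init__(self, use_spi: bool):
        self.use_spi = use_spi          # True models the default SPI-in-hash behaviour
        self.flows: set[tuple] = set()
        self.dropped: list[EspPacket] = []
        self.forwarded: list[EspPacket] = []

    def key(self, pkt: EspPacket, reverse: bool = False) -> tuple:
        src, dst = (pkt.dst, pkt.src) if reverse else (pkt.src, pkt.dst)
        # With use_spi the reverse entry is stamped with the *client's* SPI,
        # which is not the SPI the server's SA will use on its reply.
        return (src, dst, pkt.spi) if self.use_spi else (src, dst)

    def client_packet(self, pkt: EspPacket) -> None:
        self.flows.add(self.key(pkt))
        self.flows.add(self.key(pkt, reverse=True))
        self.forwarded.append(pkt)

    def server_reply(self, pkt: EspPacket) -> bool:
        """Return True if the reply matched a flow and was forwarded, False if dropped."""
        if self.key(pkt) in self.flows:
            self.forwarded.append(pkt)
            return True
        self.dropped.append(pkt)
        return False


def simulate(use_spi: bool) -> bool:
    """Run one client->server ESP packet and the server's reply through a flow table.

    Returns whether the reply was forwarded. Each direction of the IPsec tunnel is a
    separate SA with its own SPI, so the two constructed packets carry different SPIs.
    """
    table = FlowTable(use_spi)
    outbound = EspPacket("198.51.100.10", "203.0.113.20", spi=0xC0FFEE01)  # client->server SA
    inbound = EspPacket("203.0.113.20", "198.51.100.10", spi=0x0BADF00D)   # server->client SA
    table.client_packet(outbound)
    return table.server_reply(inbound)


if __name__ == "__main__":
    print("SPI in flow hash (default):   reply forwarded =", simulate(use_spi=True))
    print("SPI excluded (lookupspi off): reply forwarded =", simulate(use_spi=False))
```

Run as-is it reports the reply dropped in the first case and forwarded in the second, which is the symptom the post asks @tahmor to rule out. On the BIG-IP itself the switch is the ipsec.lookupspi sys db variable named in the quoted text; the linked K14169 article gives the exact tmsh invocation and the version it applies to.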