STA marked down in a double hop access gateway setup


Article ID: CTX230067

Description

ICA double hop deployment.
Bind the STA server to the VPN vserver in HOP1.
Bind the next hop server to the VPN vserver in HOP1.
Look at the STA server state; it should be down.

Related configuration:
Config to replicate: 
add server server-A 1.1.1.1
add server server-B 1.1.1.2
add service service-80-A server-A ANY 80 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip YES -useproxyport NO -sp OFF -cltTimeout 120 -svrTimeout 120 -CKA NO -TCPB NO -CMP NO
add service service-80-B server-B ANY 80 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip YES -useproxyport NO -sp OFF -cltTimeout 120 -svrTimeout 120 -CKA NO -TCPB NO -CMP NO
add lb vserver vserver-80 ANY 2.2.2.2 80 -persistenceType NONE -m TOS -tosId 1 -cltTimeout 120
bind lb vserver vserver-80 service-80-A
bind lb vserver vserver-80 service-80-B
add lb monitor Test-MON TCP -LRTM DISABLED -tos YES -tosId 1
bind service service-80-B -monitorName Test-MON
bind service service-80-A -monitorName Test-MON

Resolution

Remove the nexthop VPN global binding.

Problem Cause

This is caused by a known issue where the STA is marked down in a double hop scenario.
NS initiates a TCP health check SYN packet whose destination port is not 80, so the monitor probe fails, causing the STA failure.

If a destination IP is configured in the monitor and it is not a TOS monitor, we were overwriting it with the destination IP from the server information.
The destination port is not added in the TOS monitor profile, and the port information for the monitor cannot be generated from the LB vserver.
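
As an added example (not part of the original article and not Citrix code), the Python script below scans configuration lines in the form shown under "Config to replicate" and lists every service bound to a TOS monitor, together with the service port and any destination port set on the monitor, so those bindings can be reviewed against the cause described above. The Plain-MON lines in the sample are constructed, and -destPort is the standard monitor option, which the article's configuration does not set.

```python
import shlex

# Sample input: lines taken from the article's "Config to replicate",
# plus a constructed non-TOS monitor (Plain-MON) for contrast.
SAMPLE_CONFIG = """\
add service service-80-A server-A ANY 80 -gslb NONE -usip YES
add service service-80-B server-B ANY 80 -gslb NONE -usip YES
add lb monitor Test-MON TCP -LRTM DISABLED -tos YES -tosId 1
add lb monitor Plain-MON TCP -LRTM DISABLED
bind service service-80-B -monitorName Test-MON
bind service service-80-A -monitorName Test-MON
bind service service-80-A -monitorName Plain-MON
"""

def parse_options(tokens):
    """Map '-name value' pairs to a dict with lower-cased option names."""
    opts = {}
    for i, tok in enumerate(tokens[:-1]):
        if tok.startswith("-"):
            opts[tok[1:].lower()] = tokens[i + 1]
    return opts

def find_tos_monitor_bindings(config_text):
    """Return one record per service that is bound to a TOS monitor."""
    monitors, services, bindings = {}, {}, []
    for line in config_text.splitlines():
        tok = shlex.split(line)
        if tok[:3] == ["add", "lb", "monitor"] and len(tok) >= 5:
            monitors[tok[3]] = parse_options(tok[5:])
        elif tok[:2] == ["add", "service"] and len(tok) >= 6:
            services[tok[2]] = {"type": tok[4], "port": tok[5]}
        elif tok[:2] == ["bind", "service"] and len(tok) >= 3:
            monitor = parse_options(tok[3:]).get("monitorname")
            if monitor:
                bindings.append((tok[2], monitor))
    findings = []
    for service, monitor in bindings:
        opts = monitors.get(monitor, {})
        if opts.get("tos", "").upper() != "YES":
            continue  # only TOS monitors are relevant to this issue
        findings.append({
            "service": service,
            "monitor": monitor,
            "service_port": services.get(service, {}).get("port"),
            "monitor_dest_port": opts.get("destport"),  # None when not set
            "tos_id": opts.get("tosid"),
        })
    return findings

if __name__ == "__main__":
    for finding in find_tos_monitor_bindings(SAMPLE_CONFIG):
        print(finding)
```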

 

Issue/Introduction

In a double hop Access Gateway setup, the STA bound to the first hop goes down after an upgrade. As soon as the nexthop server is unbound from the VPN vserver, the STA is UP again.