Istio - http return code 503 (Service Unavailable) on 302 (Found)

Hi all
I have problem with Istio and OpenLDAP (phpLDAPadmin).
The requests sent to phpLDAPadmin with 302 (Found) become 503 (Service Unavailable) on Istio Ingress Gateway.
When I try to invoke the same url without Ingress Gateway phpLDAPadmin works.
Other applications exposed by Ingress Gateway (like Gogs) work fine.
Istio version: 1.4.2

Scenario:
(host dap.montecampo.priv) -> INGRESSGW -> service ldap (port 80) -> pod ldap (targetPort 80)

kubectl get pods --namespace security -o wide
NAME                    READY   STATUS    RESTARTS   AGE   IP              NODE         NOMINATED NODE   READINESS GATES
ldap-6dd6499bd5-j9c7j   3/3     Running   0          36m   192.168.42.38   montecampo   <none>           <none>

kubectl get service --namespace security -o wide
NAME   TYPE       CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE   SELECTOR
ldap   NodePort   10.96.213.6   <none>        80:31659/TCP   43m   app=ldap

kubectl get virtualservice --namespace security -o wide
NAME   GATEWAYS         HOSTS                    AGE
ldap   [ldap-gateway]   [ldap.montecampo.priv]   44m

kubectl get gateway --namespace security -o wide
NAME           AGE
ldap-gateway   44m

TCPDUMP
montecampo.1972 > 192.168.42.12.http
GET /cmd.php?cmd=refresh&server_id=1&noheader=1&purge=1&meth=ajax HTTP/1.1
Host:ldap.montecampo.priv
User-Agent: curl/7.67.0
Accept: /

192.168.42.12.55606 > 192.168.42.38.http
GET /cmd.php?cmd=refresh&server_id=1&noheader=1&purge=1&meth=ajax HTTP/1.1
host: ldap.montecampo.priv

192.168.42.38.http > 192.168.42.12.55606
HTTP/1.1 302 Found

Location: cmd.php?cmd=draw_tree_node&noheader=1&server_id=1&meth=ajax&frame=TREE

After 5 sec (I have tried to change timeout on virtualservice getting another error):
192.168.42.12.http > montecampo.1972
HTTP/1.1 503 Service Unavailable
upstream connect error or disconnect/reset before headers. reset reason: connection termination

Configuration:

apiVersion: v1
kind: Namespace
metadata:
  name: security

---

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: ldap-gateway
  namespace: security
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "ldap.montecampo.priv"

---

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: ldap
  namespace: security
spec:
  hosts:
  - "ldap.montecampo.priv"
  gateways:
  - ldap-gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        port:
          number: 80
        host: ldap

---

apiVersion: v1
kind: Service
metadata:
  name: ldap
  namespace: security
  labels:
    app: ldap
spec:
  type: NodePort
  ports:
  - name: ldap-http
    port: 80
    targetPort: 80
  selector:
    app: ldap
    
---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: ldap
  namespace: security
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ldap
      version: v1
  template:
    metadata:
      labels:
        app: ldap
        version: v1
    spec:
      volumes:
      - name: openldap-vol
        hostPath:
          path: /home/carnevale/data/security/openldap
      containers:
      - image: osixia/openldap
        imagePullPolicy: IfNotPresent
        name: openldap
        env:
        - name: LDAP_ORGANISATION
          value: "Carnevale"
        - name: LDAP_DOMAIN
          value: "carnevale.priv"
        - name: LDAP_BASE_DN
          value: ""
        - name: LDAP_ADMIN_PASSWORD
          value: "capracotta1421"
        ports:
        - containerPort: 389
        volumeMounts:
        - name: openldap-vol
          mountPath: /var/lib/ldap
      - image: osixia/phpldapadmin
        imagePullPolicy: IfNotPresent
        name: openldapweb
        ports:
        - containerPort: 80
        env:
        - name: PHPLDAPADMIN_LDAP_HOSTS
          value: "127.0.0.1"
        - name: PHPLDAPADMIN_HTTPS
          value: "false"

Regards
Giacomo