Failed to connect Edge client
Dears,
We are having problems during the first connection of the VPN (Edge Client) to the APM. We notice that whenever communication fails during the download of files, tcpdump displays a TCP Zero Window Reset in a connection between two internal IPs of the BIG-IP.
The following is an excerpt from tcpdump with failure:
16:12:45.141945 IP 127.1.1.1.54395 > 127.0.0.1.8888: Flags [R.], seq 303, ack 409516, win 0, length 0 out slot1/tmm0 lis=_tmm_apm_portal_cache_vip flowtype=135 flowid=5700014DAA00 peerid=5700014D1600 conflags=24800024 inslot=1 inport=1 haunit=0 priority=3 rst_cause="[0x23d7a0a:9397] {peer} TCP zero window timeout" peerremote=00000000:00000000:0000FFFF:0AFA2DA4 peerlocal=00000000:00000000:0000FFFF:7F010101 remoteport=54395 localport=8080 proto=6 vlan=0
16:12:45.142000 IP 127.1.1.1.8080 > 10.250.45.164.54395: Flags [R.], seq 346516, ack 303, win 0, length 0 out slot1/tmm0 lis=_tmm_apm_portal_cache_vip flowtype=71 flowid=5700014D1600 peerid=0 conflags=84800024 inslot=1 inport=1 haunit=0 priority=3 rst_cause="[0x23d7a0a:9397] TCP zero window timeout" peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
16:12:45.142002 IP 127.1.1.1.8080 > 10.250.45.164.54395: Flags [R.], seq 346516, ack 303, win 0, length 0 in slot1/tmm0 lis=/Common/CS_EBT_VS_APM_ENDPOINT flowtype=128 flowid=5700014D4300 peerid=5700014D9C00 conflags=84000C24 inslot=1 inport=1 haunit=0 priority=3 peerremote=00000000:00000000:0000FFFF:0AFA2DA4 peerlocal=00000000:00000000:0000FFFF:0A62CA46 remoteport=54395 localport=443 proto=6 vlan=1409
16:12:45.142079 IP 10.98.202.70.443 > 10.250.45.164.54395: Flags [R.], seq 140633, ack 787, win 0, length 0 out slot1/tmm0 lis=/Common/CS_EBT_VS_APM_ENDPOINT flowtype=64 flowid=5700014D9C00 peerid=0 conflags=100200004020224 inslot=1 inport=1 haunit=1 priority=3 rst_cause="[0x23d7a0a:2358] {peer} TCP RST from remote system" peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
I created a custom TCP profile and adjusted the "Zero Window Timeout" and "Receive Window" to mitigate the initial download; however, the problem continues occurring.
To do other tests I did a simple configuration in APM, only with LOGON <-> Webtop <-> Network Access <-> ACL (allow all) <-> DHCP.
I ran the tests from different stations and the problem persists.
tcpdump section of the simple access profile.
23:21:25.800301 IP 10.98.202.150.443 > 10.254.18.236.51786: Flags [P.], seq 306318:307578, ack 647, win 1106, length 1260 out slot1/tmm0 lis=/Common/CS_VVO_VS_APM_ENDPOINT flowtype=64 flowid=5700014E2600 peerid=5700014E5D00 conflags=100200000020224 inslot=3 inport=1 haunit=1 priority=3 peerremote=00000000:00000000:0000FFFF:7F010101 peerlocal=00000000:00000000:0000FFFF:0AFE12EC remoteport=8080 localport=51786 proto=6 vlan=0
23:21:25.816092 IP 127.1.1.1.8080 > 10.254.18.236.51786: Flags [R.], seq 572056, ack 299, win 0, length 0 out slot1/tmm0 lis=_tmm_apm_portal_cache_vip flowtype=71 flowid=5700014E6700 peerid=0 conflags=80800024 inslot=1 inport=1 haunit=0 priority=3 rst_cause="[0x23d7a0a:9397] TCP zero window timeout" peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
23:21:25.816093 IP 127.1.1.1.8080 > 10.254.18.236.51786: Flags [R.], seq 572056, ack 299, win 0, length 0 in slot1/tmm0 lis=/Common/CS_VVO_VS_APM_ENDPOINT flowtype=128 flowid=5700014E5D00 peerid=5700014E2600 conflags=80000C24 inslot=1 inport=1 haunit=0 priority=3 peerremote=00000000:00000000:0000FFFF:0AFE12EC peerlocal=00000000:00000000:0000FFFF:0A62CA96 remoteport=51786 localport=443 proto=6 vlan=1414
23:21:25.816162 IP 10.98.202.150.443 > 10.254.18.236.51786: Flags [R.], seq 307578, ack 647, win 0, length 0 out slot1/tmm0 lis=/Common/CS_VVO_VS_APM_ENDPOINT flowtype=64 flowid=5700014E2600 peerid=0 conflags=100200000020224 inslot=1 inport=1 haunit=1 priority=3 rst_cause="[0x23d7a0a:2358] {peer} TCP RST from remote system" peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
Any idea how to solve this?
Thanks, Adriano
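An added example, not part of the original post: a small Python parser for the TMM trailer fields in captures like the ones above, which picks out the reset that was generated locally so the other resets can be read as its consequences. It assumes that a `{peer}` marker in `rst_cause` means the reset was propagated from the peer flow; the function names are hypothetical and the sample lines are shortened from the first capture in the post.

```python
import re

# Lines shortened from the first capture in the post (unused trailer fields dropped).
SAMPLE = """\
16:12:45.141945 IP 127.1.1.1.54395 > 127.0.0.1.8888: Flags [R.], seq 303, ack 409516, win 0, length 0 out slot1/tmm0 lis=_tmm_apm_portal_cache_vip flowtype=135 flowid=5700014DAA00 peerid=5700014D1600 rst_cause="[0x23d7a0a:9397] {peer} TCP zero window timeout"
16:12:45.142000 IP 127.1.1.1.8080 > 10.250.45.164.54395: Flags [R.], seq 346516, ack 303, win 0, length 0 out slot1/tmm0 lis=_tmm_apm_portal_cache_vip flowtype=71 flowid=5700014D1600 peerid=0 rst_cause="[0x23d7a0a:9397] TCP zero window timeout"
16:12:45.142002 IP 127.1.1.1.8080 > 10.250.45.164.54395: Flags [R.], seq 346516, ack 303, win 0, length 0 in slot1/tmm0 lis=/Common/CS_EBT_VS_APM_ENDPOINT flowtype=128 flowid=5700014D4300 peerid=5700014D9C00
16:12:45.142079 IP 10.98.202.70.443 > 10.250.45.164.54395: Flags [R.], seq 140633, ack 787, win 0, length 0 out slot1/tmm0 lis=/Common/CS_EBT_VS_APM_ENDPOINT flowtype=64 flowid=5700014D9C00 peerid=0 rst_cause="[0x23d7a0a:2358] {peer} TCP RST from remote system"
"""

HEAD = re.compile(r'^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\]')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')            # key=value, value may be quoted
CAUSE = re.compile(r'^(?:\[[^\]]*\]\s*)?(\{peer\}\s*)?(.*)$')

def parse_line(line):
    """Split one tcpdump line into header fields plus the TMM key=value trailer."""
    m = HEAD.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec.update({k: v.strip('"') for k, v in KV.findall(line[m.end():])})
    if "rst_cause" in rec:
        c = CAUSE.match(rec["rst_cause"])
        rec["from_peer"] = bool(c.group(1))        # assumption: {peer} = propagated
        rec["cause"] = c.group(2)
    return rec

def resets(text):
    """All parsed packets that carry the RST flag."""
    return [r for r in map(parse_line, text.splitlines()) if r and "R" in r["flags"]]

def local_origin(text):
    """Earliest RST with a cause and no {peer} marker, or None."""
    local = [r for r in resets(text) if "cause" in r and not r["from_peer"]]
    return min(local, key=lambda r: r["ts"]) if local else None

def propagated_from(text, origin):
    """RSTs marked {peer} whose peerid points at the originating flow."""
    return [r for r in resets(text)
            if r.get("from_peer") and r.get("peerid") == origin["flowid"]]

if __name__ == "__main__":
    o = local_origin(SAMPLE)
    print(o["ts"], o["lis"], o["flowid"], o["cause"])
    for r in propagated_from(SAMPLE, o):
        print("  propagated to flow", r["flowid"], "at", r["ts"])
```
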