For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ken_B_50116's avatar
Ken_B_50116
Icon for Cirrostratus rankCirrostratus
Mar 25, 2015
Solved

Servers using LTM as its gateway can ping but can't connect on 443

I have a situation where a group of servers that use LTM as their gateway can successfully ping and tracert to servers in a totally different subnet, but are unable to connect on port 443.   Speci...
application delivery
design
LTM
  • Jason_40733's avatar
    Jason_40733
    Mar 25, 2015

    I keep thinking asymmetric routing... but your ports match up. a tcpdump on the F5 may give you more info where you could see all the MAC addresses.

     

gsharri's avatar
gsharri
Icon for Altostratus rankAltostratus
Mar 25, 2015

I think your tcpdump is showing some problems. I see two syn packets with the same seq number initiated from the 10 host: 10.54.13.101.14196 > 172.22.0.100.https : S the first one with a correct cksum the second is incorrect and the TTL has been decremented compared to the first.

 

Then I see the 172 host respond with a syn-ack 172.22.0.100.https > 10.54.13.101.14196: S,...ack. But then the 172 host initiates another connection to the 10 host 172.22.0.100.46740 > 10.54.13.101.14196: S and the cksum is incorect.

 

Then the 10. host sends tcp resets to 172.22.0.100.https and 172.22.0.100.46740. Again one cksum is correct the other incorrect.

 

There is something strange happening here, not sure what it is...