Forum Discussion

southern_shred1's avatar
southern_shred1
Icon for Nimbostratus rankNimbostratus
Feb 28, 2019

SSL VIP accessible from browser but not from CLI

Hi   A VIP with an SSL profile works fine when client connects through a browser.   But connection is refused (TCP reset) when client connects from CLI to VIP.   A TCPdump of the CLI attem...
southern_shred1's avatar
southern_shred1
Icon for Nimbostratus rankNimbostratus
Feb 28, 2019

1) Yes, the TCP reset is from the TCP handshake

2) The CLI is from the device trying to access the VIP

TCP DUMP, hope this helps

2 0.614331       10.253.140.57         10.252.85.5           TCP      81     43602 → 443 [SYN] Seq=0 Win=29200 Len=0 MSS=1380 SACK_PERM=1 TSval=339278132 TSecr=0 WS=128 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

  3 0.615097       10.253.140.57        10.252.85.5           TCP      100    43602 → 443 [ACK] Seq=1 Ack=1 Win=3737600 Len=0 TSval=339278132 TSecr=702242621 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

  4 0.615239       10.253.140.57         10.252.85.5           TLSv1.2  289    Client Hello [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

  5 0.637168       10.253.140.57         10.252.85.5           TCP      100    43602 → 443 [ACK] Seq=190 Ack=1369 Win=4027392 Len=0 TSval=339278155 TSecr=702242643 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

  6 0.637265       10.253.140.57         10.252.85.5           TCP      100    43602 → 443 [ACK] Seq=190 Ack=2737 Win=4377600 Len=0 TSval=339278155 TSecr=702242643 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

  7 0.637269       10.253.140.57         10.252.85.5           TCP      100    43602 → 443 [ACK] Seq=190 Ack=4105 Win=4727808 Len=0 TSval=339278155 TSecr=702242643 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

  8 0.637694       10.253.140.57         10.252.85.5           TCP      100    43602 → 443 [ACK] Seq=190 Ack=5473 Win=5078016 Len=0 TSval=339278155 TSecr=702242644 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

  9 0.637895       10.253.140.57         10.252.85.5           TCP      100    43602 → 443 [ACK] Seq=190 Ack=5879 Win=5428224 Len=0 TSval=339278155 TSecr=702242644 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

 10 0.681912       10.253.140.57         10.252.85.5           TLSv1.2  226    Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

 11 0.683215       10.253.140.57         10.252.85.5           TCP      100    43602 → 443 [ACK] Seq=316 Ack=5885 Win=5428224 Len=0 TSval=339278201 TSecr=702242689 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

 12 0.683313       10.253.140.57         10.252.85.5           TCP      100    43602 → 443 [ACK] Seq=316 Ack=5930 Win=5428224 Len=0 TSval=339278201 TSecr=702242690 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

 13 0.683466       10.253.140.57         10.252.85.5           TCP      100    43602 → 443 [ACK] Seq=316 Ack=5986 Win=5428224 Len=0 TSval=339278201 TSecr=702242690 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

 14 0.683618       10.253.140.57         10.252.85.5           TLSv1.2  193    Application Data [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

 15 0.683731       10.253.140.57         10.252.85.5           TLSv1.2  178    Application Data [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

 16 0.683854       10.253.140.57         10.252.85.5           TLSv1.2  138    Application Data [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

 17 0.684846       10.253.140.57         10.252.85.5           TCP      81     43604 → 443 [SYN] Seq=0 Win=29200 Len=0 MSS=1380 SACK_PERM=1 TSval=339278202 TSecr=0 WS=128 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

 18 0.685366       10.253.140.57         10.252.85.5           TCP      100    43604 → 443 [ACK] Seq=1 Ack=1 Win=3737600 Len=0 TSval=339278203 TSecr=702242692 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

 19 0.685497       10.253.140.57         10.252.85.5           TLSv1.2  289    Client Hello [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

 20 0.707325       10.253.140.57         10.252.85.5           TCP      100    43604 → 443 [ACK] Seq=190 Ack=1369 Win=4027392 Len=0 TSval=339278225 TSecr=702242713 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

 22 0.707343       10.253.140.57         10.252.85.5           TCP      100    43604 → 443 [ACK] Seq=190 Ack=4105 Win=4727808 Len=0 TSval=339278225 TSecr=702242713 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
 23 0.707920       10.253.140.57         10.252.85.5           TCP      100    43604 → 443 [ACK] Seq=190 Ack=5473 Win=5078016 Len=0 TSval=339278225 TSecr=702242714 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
 24 0.707926       10.253.140.57         10.252.85.5           TCP      100    43604 → 443 [ACK] Seq=190 Ack=5879 Win=5428224 Len=0 TSval=339278225 TSecr=702242714 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
 25 0.710537       10.253.140.57         10.252.85.5           TLSv1.2  226    Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
 26 0.712239       10.253.140.57         10.252.85.5           TCP      100    43604 → 443 [ACK] Seq=316 Ack=5986 Win=5428224 Len=0 TSval=339278230 TSecr=702242718 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
 27 0.712401       10.253.140.57         10.252.85.5           TLSv1.2  193    Application Data [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

 28 0.712406       10.253.140.57         10.252.85.5           TLSv1.2  178    Application Data [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

 29 0.712526       10.253.140.57         10.252.85.5           TLSv1.2  138    Application Data [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

 30 0.713693       10.253.140.57         10.252.85.5           TCP      81     43606 → 443 [SYN] Seq=0 Win=29200 Len=0 MSS=1380 SACK_PERM=1 TSval=339278231 TSecr=0 WS=128 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

 31 0.714210       10.253.140.57         10.252.85.5           TCP      100    43606 → 443 [ACK] Seq=1 Ack=1 Win=3737600 Len=0 TSval=339278232 TSecr=702242720 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

Recent Discussions