Forum Discussion
southern_shred1
Nimbostratus
NimbostratusSSL VIP accessible from browser but not from CLI
Hi
A VIP with an SSL profile works fine when client connects through a browser.
But connection is refused (TCP reset) when client connects from CLI to VIP.
A TCPdump of the CLI attem...
southern_shred1Nimbostratus
Nimbostratus1) Yes, the TCP reset is from the TCP handshake
2) The CLI is from the device trying to access the VIP
TCP DUMP, hope this helps
2 0.614331 10.253.140.57 10.252.85.5 TCP 81 43602 → 443 [SYN] Seq=0 Win=29200 Len=0 MSS=1380 SACK_PERM=1 TSval=339278132 TSecr=0 WS=128 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
3 0.615097 10.253.140.57 10.252.85.5 TCP 100 43602 → 443 [ACK] Seq=1 Ack=1 Win=3737600 Len=0 TSval=339278132 TSecr=702242621 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
4 0.615239 10.253.140.57 10.252.85.5 TLSv1.2 289 Client Hello [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
5 0.637168 10.253.140.57 10.252.85.5 TCP 100 43602 → 443 [ACK] Seq=190 Ack=1369 Win=4027392 Len=0 TSval=339278155 TSecr=702242643 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
6 0.637265 10.253.140.57 10.252.85.5 TCP 100 43602 → 443 [ACK] Seq=190 Ack=2737 Win=4377600 Len=0 TSval=339278155 TSecr=702242643 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
7 0.637269 10.253.140.57 10.252.85.5 TCP 100 43602 → 443 [ACK] Seq=190 Ack=4105 Win=4727808 Len=0 TSval=339278155 TSecr=702242643 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
8 0.637694 10.253.140.57 10.252.85.5 TCP 100 43602 → 443 [ACK] Seq=190 Ack=5473 Win=5078016 Len=0 TSval=339278155 TSecr=702242644 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
9 0.637895 10.253.140.57 10.252.85.5 TCP 100 43602 → 443 [ACK] Seq=190 Ack=5879 Win=5428224 Len=0 TSval=339278155 TSecr=702242644 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
10 0.681912 10.253.140.57 10.252.85.5 TLSv1.2 226 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
11 0.683215 10.253.140.57 10.252.85.5 TCP 100 43602 → 443 [ACK] Seq=316 Ack=5885 Win=5428224 Len=0 TSval=339278201 TSecr=702242689 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
12 0.683313 10.253.140.57 10.252.85.5 TCP 100 43602 → 443 [ACK] Seq=316 Ack=5930 Win=5428224 Len=0 TSval=339278201 TSecr=702242690 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
13 0.683466 10.253.140.57 10.252.85.5 TCP 100 43602 → 443 [ACK] Seq=316 Ack=5986 Win=5428224 Len=0 TSval=339278201 TSecr=702242690 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
14 0.683618 10.253.140.57 10.252.85.5 TLSv1.2 193 Application Data [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
15 0.683731 10.253.140.57 10.252.85.5 TLSv1.2 178 Application Data [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
16 0.683854 10.253.140.57 10.252.85.5 TLSv1.2 138 Application Data [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
17 0.684846 10.253.140.57 10.252.85.5 TCP 81 43604 → 443 [SYN] Seq=0 Win=29200 Len=0 MSS=1380 SACK_PERM=1 TSval=339278202 TSecr=0 WS=128 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
18 0.685366 10.253.140.57 10.252.85.5 TCP 100 43604 → 443 [ACK] Seq=1 Ack=1 Win=3737600 Len=0 TSval=339278203 TSecr=702242692 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
19 0.685497 10.253.140.57 10.252.85.5 TLSv1.2 289 Client Hello [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
20 0.707325 10.253.140.57 10.252.85.5 TCP 100 43604 → 443 [ACK] Seq=190 Ack=1369 Win=4027392 Len=0 TSval=339278225 TSecr=702242713 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
22 0.707343 10.253.140.57 10.252.85.5 TCP 100 43604 → 443 [ACK] Seq=190 Ack=4105 Win=4727808 Len=0 TSval=339278225 TSecr=702242713 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
23 0.707920 10.253.140.57 10.252.85.5 TCP 100 43604 → 443 [ACK] Seq=190 Ack=5473 Win=5078016 Len=0 TSval=339278225 TSecr=702242714 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
24 0.707926 10.253.140.57 10.252.85.5 TCP 100 43604 → 443 [ACK] Seq=190 Ack=5879 Win=5428224 Len=0 TSval=339278225 TSecr=702242714 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
25 0.710537 10.253.140.57 10.252.85.5 TLSv1.2 226 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
26 0.712239 10.253.140.57 10.252.85.5 TCP 100 43604 → 443 [ACK] Seq=316 Ack=5986 Win=5428224 Len=0 TSval=339278230 TSecr=702242718 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
27 0.712401 10.253.140.57 10.252.85.5 TLSv1.2 193 Application Data [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
28 0.712406 10.253.140.57 10.252.85.5 TLSv1.2 178 Application Data [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
29 0.712526 10.253.140.57 10.252.85.5 TLSv1.2 138 Application Data [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
30 0.713693 10.253.140.57 10.252.85.5 TCP 81 43606 → 443 [SYN] Seq=0 Win=29200 Len=0 MSS=1380 SACK_PERM=1 TSval=339278231 TSecr=0 WS=128 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
31 0.714210 10.253.140.57 10.252.85.5 TCP 100 43606 → 443 [ACK] Seq=1 Ack=1 Win=3737600 Len=0 TSval=339278232 TSecr=702242720 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]