SynACk_128568
Mar 06, 2014

User able to telnet to VIP 80 but not 443 for same VIP

Hi All,

 

We are using an HTTP 80 to HTTPS 443 redirect. The user is able to telnet to port 80 but not port 443. I took a packet capture to see what is happening. Connections are seen when a telnet to VIP port 80 is made, but not when the user tries to telnet to port 443. We have one VIP set up with IP protocol TCP; the rule is http2https, which is fine. Profile is fastl4. Same setup on the 443 VIP. VIP status is available. Also, this device is in the DMZ, so is 443 blocked in a DMZ environment?

 

Any help will be appreciated.

 

7 Replies

  • Might it be possible that your telnet isn't able to negotiate an SSL session with the 443 VIP? If you run a tcpdump capture in front of the 443 VIP, do you see packets coming from the telnet client?

     

  • Hi Kevin,

     

    I took a packet capture: tcpdump -ni any host <client IP>

     

    The client tried to telnet to VIP 443 using portquery. Any suggestions?

     

    • SynACk_128568
      Also, when I telnet on the LTM itself to VIP 443, it is not connecting.
  • So you're saying you do see traffic coming from the client to the 443 VIP? If yes, I'm assuming you see a complete 3-way TCP handshake and then it dies almost immediately after that?

     

  • No Kevin, I am not seeing any traffic coming to the VIP when the user tries to telnet to VIP 443. What is strange is why I am not able to telnet to port 443. There is also a secondary VIP for the same setup on a different LTM, which I don't think is in the DMZ. The user is able to telnet to it. I compared the config; everything is the same except the working one has the rule SNAT2VIP.

     

    Also, can it be anything to do with port lockdown on the interface? But for that the LTM will send a RST, I guess.