Tuesday, November 6, 2018

Weird packet with odd Identification number hop appearing only on the recipient side of a VPN tunnel. Please help.

I have set up a new site to site VPN tunnel between my site and a customer's. On this new tunnel, I have two MySQL clients on my side and the Server is on the far end. Each host can send queries to the server individually without an issue. However, when both hosts query at the same time, the connections fail and I get a weird RST, ACK packet. The packet is weird because:

  • The packet has an Identification number that is anywhere from 30k to 50k higher than the previous packet sent from / to the same IPs.

  • The source IP of the packet is the Server, but the captures on the far end of the tunnel do not see it. It is only seen in the two capture locations on my end.

The setup is:

my clients <--> my side ASA <------> far side Palo Alto <--> far side server

Capture points are:

  • Port Span of switch ports the clients connect to
  • ASA internal captures
  • Palo Alto internal capture
  • Capture on the server

This new tunnel is replacing an older tunnel on legacy equipment we are decommissioning. On the old tunnel, these collisions do not happen even when clients query at the same time.
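As an added example (not the poster's own code or capture data), a small Python check that applies the two heuristics from the post to constructed capture records: flag RST packets whose IP Identification jumps far beyond the last ID seen from the same source at the same capture point, then keep only those that never appear in the far-side captures. The addresses, capture point names and the 20000 threshold are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

@dataclass(frozen=True)
class Pkt:
    capture: str   # capture point: span, asa, paloalto, server (assumed names)
    src: str
    dst: str
    ip_id: int     # IPv4 Identification field
    flags: str     # TCP flags, e.g. "PA" (PSH/ACK) or "RA" (RST/ACK)

def suspicious_rsts(pkts: Iterable[Pkt], id_jump: int = 20000) -> List[Pkt]:
    """Flag RST packets whose IP ID is far beyond the last ID seen from the
    same source at the same capture point. Flagged packets do not update the
    baseline, so one injected ID does not mask the next one."""
    last_id: Dict[Tuple[str, str], int] = {}
    hits: List[Pkt] = []
    for p in pkts:
        key = (p.capture, p.src)
        prev = last_id.get(key)
        jump = (p.ip_id - prev) % 65536 if prev is not None else 0
        if "R" in p.flags and jump > id_jump:
            hits.append(p)
            continue
        last_id[key] = p.ip_id
    return hits

def missing_far_side(pkts: Iterable[Pkt], hits: Iterable[Pkt], far: frozenset) -> List[Pkt]:
    """Keep only flagged packets that never appear in any far-side capture."""
    seen_far = {(p.src, p.dst, p.ip_id) for p in pkts if p.capture in far}
    return [h for h in hits if (h.src, h.dst, h.ip_id) not in seen_far]

SERVER, C1, C2 = "10.9.9.5", "10.1.1.10", "10.1.1.11"   # assumed addresses
ALL = ("span", "asa", "paloalto", "server")
# Constructed sample: two normal replies seen at every capture point, then an
# RST/ACK with a large ID jump seen only on the near side, then a normal reset.
SAMPLE = [Pkt(c, SERVER, C1, 1001, "PA") for c in ALL] + \
         [Pkt(c, SERVER, C2, 1002, "PA") for c in ALL] + \
         [Pkt(c, SERVER, C1, 45000, "RA") for c in ("span", "asa")] + \
         [Pkt(c, SERVER, C2, 1003, "RA") for c in ALL]

def analyze(pkts: List[Pkt] = SAMPLE, far: frozenset = frozenset({"paloalto", "server"})) -> List[Pkt]:
    return missing_far_side(pkts, suspicious_rsts(pkts), far)

if __name__ == "__main__":
    for p in analyze():
        print(f"{p.capture}: RST {p.src}->{p.dst} id={p.ip_id} not seen on far side")
```

The legitimate reset with ID 1003 is not flagged, since only the out-of-sequence RST/ACK satisfies both heuristics.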
