Tuesday, April 14, 2020

If a client is behind NAT, the client can't finish establishing an SSH connection with one particular server

I have a Linux server where, as long as the client is on a routed interface, SVI, etc., and as long as the access list permits it, the client can connect just fine via SSH.

Once the client(s) move behind any NAT, the SSH connection with the client starts, and then, just when it should establish (when not behind a NAT it can accomplish this in about 100 packets start to finish), the client throws out a FIN ACK and the session is shut down.

I thought it could possibly be TCP timestamps, but almost all of the other Linux boxes have TCP timestamps on and they are not affected at all.

Any clue as to why this one server doesn't like clients behind NAT? I've tried doing 1:1 NAT; no help.

Also, one caveat: Cisco Twice NAT works over an SSL VPN, but it's the only NAT out of the four that I've tried that does work. And I can't seem to replicate this type of NAT on any other device (it needs to work on a FortiGate VPN; both IPsec and SSL clients can't finish establishing a connection to this one server).

I did just open a case with Fortinet as well, but I'm honestly not expecting anything helpful initially, primarily because I don't think it's a Fortinet issue, since this behavior is replicable on multiple platforms.

Anyway, anyone have any ideas?
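An added diagnostic for the symptom described above (this is example code, not from the original post or from any vendor tool). When a session dies with a FIN right as the SSH handshake should complete, the first thing worth pinning down is which side actually originates that FIN: capture on the client and on the server side of the NAT, then compare where the first FIN appears in each trace. If the client-side capture shows the client sending it but the server-side capture shows it arriving from the translated address at a different point, or vice versa, the device in between is the one tearing the session down. The script below reads text output from `tcpdump -nn` and reports the ordinal and direction of the first FIN. The embedded capture is constructed for illustration, and the addresses 10.1.1.5 and 192.0.2.10 are assumptions; it handles IPv4 addresses only.

```shell
#!/bin/sh
# Added example: locate the first FIN in a tcpdump text capture of an SSH
# session and report which side sent it. Not code from the original post.

# Constructed sample in `tcpdump -nn 'tcp port 22'` format. The client
# 10.1.1.5 and server 192.0.2.10 are assumed addresses, not real hosts.
SAMPLE_CAPTURE='12:00:00.000001 IP 10.1.1.5.51234 > 192.0.2.10.22: Flags [S], seq 1, win 64240, length 0
12:00:00.000500 IP 192.0.2.10.22 > 10.1.1.5.51234: Flags [S.], seq 2, ack 2, win 65160, length 0
12:00:00.000700 IP 10.1.1.5.51234 > 192.0.2.10.22: Flags [.], ack 3, win 502, length 0
12:00:00.001000 IP 192.0.2.10.22 > 10.1.1.5.51234: Flags [P.], seq 3:24, ack 2, win 509, length 21
12:00:00.002000 IP 10.1.1.5.51234 > 192.0.2.10.22: Flags [P.], seq 2:23, ack 24, win 502, length 21
12:00:00.050000 IP 10.1.1.5.51234 > 192.0.2.10.22: Flags [F.], seq 23, ack 24, win 502, length 0
12:00:00.050500 IP 192.0.2.10.22 > 10.1.1.5.51234: Flags [F.], seq 24, ack 24, win 509, length 0'

# first_fin CLIENT_IP SERVER_IP < capture.txt
# Prints "<packet#> <direction>", where direction is client->server,
# server->client, or other(<addr>) when the FIN comes from an address that
# is neither (for example the NAT device's translated address). Prints
# "none" if the capture contains no FIN at all.
first_fin() {
    client="$1"
    server="$2"
    awk -v c="$client" -v s="$server" '
        { n++ }                                     # count every packet line
        /Flags \[[A-Z.]*F[A-Z.]*\]/ {               # any flag set containing F
            src = $3                                # "addr.port" of the sender
            sub(/\.[0-9]+$/, "", src)               # strip the TCP port (IPv4 only)
            if (src == c)      dir = "client->server"
            else if (src == s) dir = "server->client"
            else               dir = "other(" src ")"
            print n " " dir
            found = 1
            exit
        }
        END { if (!found) print "none" }
    '
}

# Demonstration on the constructed capture. On a real host, write the trace
# with `tcpdump -nn -l tcp port 22 > capture.txt` on each side of the NAT
# (assumes tcpdump is installed) and run:
#   first_fin <client-ip> <server-ip> < capture.txt
printf '%s\n' "$SAMPLE_CAPTURE" | first_fin 10.1.1.5 192.0.2.10
```

Comparing the packet ordinal from the two captures against the roughly 100 packets a good session takes tells you whether the teardown happens before, during, or after key exchange; comparing the direction tells you whether the client's own stack or the middlebox is closing the connection.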
