tunnel client hub can't connect to tunnel - error 10060 (-2)


Article ID: 191454


Updated On:

Products

  • DX Unified Infrastructure Management (Nimsoft / UIM)
  • CA Unified Infrastructure Management On-Premise (Nimsoft / UIM)
  • CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

The client tunnel hub cannot communicate with its tunnel server hub.

1. The hub.log shows the errors below:

SSL_CONNECT - CONNECT TO 'XXXXXXXX': 48003 FAILED (10060)
TSESS COULD NOT CONNECT TO TUNNEL 'XXXXXXX' 48003 (-2)

2. Telnet from the client hub to the tunnel server on port 48003 fails even though the firewall shows an "Accept".

3. Packet tracing (tcpdump/Wireshark) on the tunnel server shows 'some' communication on port 48003 from the client.

Environment

  • Release: 9.0.2
  • Component: UIM - HUB

Cause

  • This is seen when incoming traffic on port 48003 to the Tunnel server is not completely open.

Resolution

The client-to-tunnel-hub communication was missing a route for the return packet. The client hub was able to reach the tunnel hub, but the TCP handshake could not be completed because the route aggregate / route announcement was blocked, so the return packet was going nowhere.

Open incoming traffic on port 48003 from the client to the tunnel hub, per the UIM Tunnel Configuration requirement:

Firewall Port Reference
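To turn the "some communication" seen in the packet trace into a specific finding, the added example below (not part of the original article or of UIM) reads `tcpdump -nn` text output captured on the tunnel server and reports, per client connection, how far the TCP handshake on port 48003 got. The verdict strings and the sample capture are constructed for illustration, and the mapping of each stalled stage to a likely cause goes slightly beyond the single case described above.

```python
import re
from collections import defaultdict

TUNNEL_PORT = 48003  # tunnel port shown in the hub.log errors on this page
# One `tcpdump -nn` IPv4/TCP line: "IP src.sport > dst.dport: Flags [S.], ..."
PKT = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[([^\]]*)\]")

def classify_handshakes(capture_text, port=TUNNEL_PORT):
    """Map each (client_ip, client_port) that sent a SYN to a handshake verdict."""
    steps = defaultdict(set)
    for line in capture_text.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if int(dport) == port:                      # client -> tunnel server
            flow = steps[(src, int(sport))]
            if flags == "S":
                flow.add("syn")
            elif "syn_ack" in flow and "." in flags and "R" not in flags:
                flow.add("ack")                     # client answered the SYN-ACK
        elif int(sport) == port and flags == "S.":  # tunnel server -> client
            steps[(dst, int(dport))].add("syn_ack")
    verdicts = {}
    for client, seen in steps.items():
        if "syn" not in seen:
            continue                                # capture started mid-connection
        if "ack" in seen:
            verdicts[client] = "complete"
        elif "syn_ack" in seen:
            verdicts[client] = "syn-ack unanswered: check return route to client"
        else:
            verdicts[client] = "syn unanswered: check host firewall/listener on server"
    return verdicts

# Constructed sample capture (documentation addresses), not taken from a real system.
SAMPLE = """\
10:00:01.000000 IP 192.0.2.20.51514 > 198.51.100.10.48003: Flags [S], seq 1000, win 64240, length 0
10:00:01.000090 IP 198.51.100.10.48003 > 192.0.2.20.51514: Flags [S.], seq 9000, ack 1001, win 65160, length 0
10:00:02.003000 IP 192.0.2.20.51514 > 198.51.100.10.48003: Flags [S], seq 1000, win 64240, length 0
10:00:05.000000 IP 192.0.2.30.40222 > 198.51.100.10.48003: Flags [S], seq 5000, win 64240, length 0
10:00:05.000070 IP 198.51.100.10.48003 > 192.0.2.30.40222: Flags [S.], seq 7000, ack 5001, win 65160, length 0
10:00:05.020000 IP 192.0.2.30.40222 > 198.51.100.10.48003: Flags [.], ack 7001, win 502, length 0
10:00:09.000000 IP 192.0.2.40.33001 > 198.51.100.10.48003: Flags [S], seq 3000, win 64240, length 0
"""

if __name__ == "__main__":
    for (ip, sport), verdict in classify_handshakes(SAMPLE).items():
        print(f"{ip}:{sport} -> {verdict}")
```

An empty result means no SYN for port 48003 reached the server at all, which points at filtering upstream of the tunnel server rather than at the return path.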