Hub communication issues across a tunnel in a WAN environment

book

Article ID: 8047

calendar_today

Updated On:

Products

DX Infrastructure Management NIMSOFT PROBES

Issue/Introduction

Issues have been observed with hub communication when there is an SSL tunnel between hubs, but the hubs are on the same LAN or WAN and can communicate freely across the normal hub port (48002).

Cause

The hub routing can get confused about the routing and try to inappropriately communicate locally on port 48002 when it is expected that it will communicate over a tunnel.

Environment

Any environment with tunnel configuration, when the port 48002 is reachable on the network.

Resolution

The recommendation of CA is to only use a hub-to-hub tunnel when it is necessary to traverse networks (e.g. across the internet or firewalls).

If local, port-48002-based communication is available on the network, do not use a tunnel unless absolutely necessary (e.g. for encryption purposes).

If it is necessary to use a tunnel in such an environment, you will have better success if you block the local communication path (port 48002) in both ways to ensure that the hub doesn't try to bypass the tunnel.