Highlighted
jhall69
1 Nickel

ESRS Network Connectivity (NAT)

Hi,

I've installed ESRS VE 3.32 and I'm having difficulty getting past the network checks. The ESRS VE box sits in our network with a private IP address which is NAT'ed via a firewall to the outside. Originally I tried using a proxy to route out (proxy's north of said FW) but this didn't work (I ensured TLS wasn't changed). I've then bypassed the proxy so that only the FW is between the ESRS VE and Dell/Emc, but to no avail.

The FW shows both SYN and SYN-ACK coming back, but according to the server it's failing all tests. It states ESRS is NAT friendly, but I'm starting to worry that's not correct. Has anyone got this working through a NAT'ed (not transparent) install.

Many thanks,

Jonjo

Tags (3)
0 Kudos
5 Replies
FrankMS
1 Nickel

Re: ESRS Network Connectivity (NAT)

Hi,

Sometimes the network check is reporting incorrect results. A meaningful test from the VM itself would be a

curl -v -k https://esrs3.emc.com

curl -v -k https://esrs3-core.emc.com

if these two work (the second will probably end in a SSL handshake failure, but SSL handshake will at least be started), please follow fix 1 in KB article 503235 to be able to skip the network check. There will be an option in the GUI to skip the network check in a future version, unfortunately not in 3.32 yet.

If provisioning does not work, indicating a real issue with the network connectivity, please open a SR with support to get assistance.

Regards

Frank

0 Kudos
jhall69
1 Nickel

Re: ESRS Network Connectivity (NAT)

Thanks for that Frank. I was using OpenSSL to test, but with Curl I get the following refusal :

Curl error.jpg

0 Kudos
FrankMS
1 Nickel

Re: ESRS Network Connectivity (NAT)

Connection refused indicates that there is a device responding to the connection request with an ICMP message that the connection is not accepted. This is probably a firewall inside your network as the servicer itself accepts https connections. This indicates that you are in fact not able to connect to the server over the network. You mentioned using a proxy, does it work through the proxy? To set the proxy for curl:

export https_proxy=proxy_ipSmiley Tongueort

0 Kudos
jhall69
1 Nickel

Re: ESRS Network Connectivity (NAT)

Thanks for your help. There was an issue with the firewall that's been fixed (wrong IP) and now CURL direct is getting a timeout. This is the CURL output via the proxy.

Curl via proxy.jpg

0 Kudos
FrankMS
1 Nickel

Re: ESRS Network Connectivity (NAT)

I would suggest to start the provisioning again and run the Network check with the proxy configured. I think it should work now and allow provisioning to proceed

0 Kudos