安全连接网关虚拟版本(虚拟设备/SCG-VE):无法注册安全连接网关
Summary: 由于默认 MTU 大小,安全连接网关无法注册,并且无法连接到戴尔后端。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
即使本地系统可以通过端口 443 和 8443 连接到 Dell Enterprise 服务器,注册安全连接网关也会失败并显示以下错误。
We cannot connect to the Dell backend. Please check and verify your network configuration, ports 8443 and 443 are required and must be open to esrs3-core.emc.com,esrs3-coredr.emc.com.
connectivityreport.log:
2023-02-12 07:12:41,863 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-1, , ] Host: esrs3-core.emc.com Port: 8443 , IOException ConnectTimeoutException 2023-02-12 07:12:41,863 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-1, , ] Host: esrs3-core.emc.com Port: 8443 , Exception - Connect to esrs3-core.emc.com:8443 [esrs3-core.emc.com/128.221.236.246] failed: Read timed out 2023-02-12 07:12:41,863 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-1, , ] connStatus after skipProxy false 2023-02-12 07:12:41,863 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-1, , ] Proxy not enabled, try bypass proxy 2023-02-12 07:12:41,863 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-1, , ] Proxy is null so skipProxy() 2023-02-12 07:12:41,872 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] Host: esrs3-coredr.emc.com Port: 8443 , IOException ConnectTimeoutException 2023-02-12 07:12:41,872 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] Host: esrs3-coredr.emc.com Port: 8443 , Exception - Connect to esrs3-coredr.emc.com:8443 [esrs3-coredr.emc.com/168.159.224.236] failed: Read timed out 2023-02-12 07:12:41,872 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] connStatus after skipProxy false 2023-02-12 07:12:41,872 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] Proxy not enabled, try bypass proxy 2023-02-12 07:12:41,872 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] Proxy is null so skipProxy() 2023-02-12 07:12:52,068 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-1, , ] Host: esrs3-core.emc.com Port: 8443 , IOException ConnectTimeoutException 2023-02-12 07:12:52,069 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-1, , ] Host: esrs3-core.emc.com Port: 8443 , Exception - Connect to esrs3-core.emc.com:8443 [esrs3-core.emc.com/128.221.236.246] failed: Read timed out 2023-02-12 07:12:52,069 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-1, , ] connStatus after skipProxy false 2023-02-12 07:12:52,069 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-1, , ] Call populateConnectivityBean: host esrs3-core.emc.com port: 8443 2023-02-12 07:12:52,069 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-1, , ] Proxy not enabled, try bypass proxy 2023-02-12 07:12:52,069 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-1, , ] Proxy is null so skipProxy() 2023-02-12 07:12:52,087 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] Host: esrs3-coredr.emc.com Port: 8443 , IOException ConnectTimeoutException 2023-02-12 07:12:52,088 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] Host: esrs3-coredr.emc.com Port: 8443 , Exception - Connect to esrs3-coredr.emc.com:8443 [esrs3-coredr.emc.com/168.159.224.236] failed: Read timed out 2023-02-12 07:12:52,088 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] connStatus after skipProxy false 2023-02-12 07:12:52,088 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] Call populateConnectivityBean: host esrs3-coredr.emc.com port: 8443 2023-02-12 07:12:52,088 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] Proxy not enabled, try bypass proxy 2023-02-12 07:12:52,088 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] Proxy is null so skipProxy() 2023-02-12 07:12:54,485 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] Host: esrs3-coredr.emc.com Port: 443 , IOException SSLHandshakeException 2023-02-12 07:12:54,485 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] Host: esrs3-coredr.emc.com Port: 443 , Exception - Received fatal alert: handshake_failure 2023-02-12 07:12:54,485 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] Host: esrs3-coredr.emc.com Port: 443 , SSLException or SSLHandshakeException. Consider this as success as just we are checking connectivity to backend core enterprise server. 2023-02-12 07:12:54,485 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] connStatus after skipProxy true 2023-02-12 07:12:54,485 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] avgCount: 1 timeTaken: 2397 host: esrs3-coredr.emc.com 2023-02-12 07:12:54,485 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] Proxy not enabled, try bypass proxy 2023-02-12 07:12:54,486 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] Proxy is null so skipProxy() 2023-02-12 07:12:54,503 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-1, , ] Host: esrs3-core.emc.com Port: 443 , IOException SSLHandshakeException 2023-02-12 07:12:54,503 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-1, , ] Host: esrs3-core.emc.com Port: 443 , Exception - Received fatal alert: handshake_failure 2023-02-12 07:12:54,503 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-1, , ] Host: esrs3-core.emc.com Port: 443 , SSLException or SSLHandshakeException. Consider this as success as just we are checking connectivity to backend core enterprise server. 2023-02-12 07:12:54,503 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-1, , ] connStatus after skipProxy true 2023-02-12 07:12:54,503 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-1, , ] avgCount: 1 timeTaken: 2434 host: esrs3-core.emc.com 2023-02-12 07:12:54,503 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-1, , ] Proxy not enabled, try bypass proxy 2023-02-12 07:12:54,503 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-1, , ] Proxy is null so skipProxy() 2023-02-12 07:12:56,838 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] Host: esrs3-coredr.emc.com Port: 443 , IOException SSLHandshakeException 2023-02-12 07:12:56,838 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] Host: esrs3-coredr.emc.com Port: 443 , Exception - Received fatal alert: handshake_failure 2023-02-12 07:12:56,838 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] Host: esrs3-coredr.emc.com Port: 443 , SSLException or SSLHandshakeException. Consider this as success as just we are checking connectivity to backend core enterprise server. 2023-02-12 07:12:56,838 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] connStatus after skipProxy true 2023-02-12 07:12:56,838 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] avgCount: 2 timeTaken: 4750 host: esrs3-coredr.emc.com 2023-02-12 07:12:56,838 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] Call populateConnectivityBean: host esrs3-coredr.emc.com port: 443 2023-02-12 07:12:56,838 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] Time taken: 4750 2023-02-12 07:12:56,838 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] avgPingTime: 2375.0 2023-02-12 07:12:56,838 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] Latch count is 1 2023-02-12 07:12:56,838 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] ---------------------------------------- 2023-02-12 07:12:56,945 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-1, , ] Host: esrs3-core.emc.com Port: 443 , IOException SSLHandshakeException 2023-02-12 07:12:56,946 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-1, , ] Host: esrs3-core.emc.com Port: 443 , Exception - Received fatal alert: handshake_failure 2023-02-12 07:12:56,946 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-1, , ] Host: esrs3-core.emc.com Port: 443 , SSLException or SSLHandshakeException. Consider this as success as just we are checking connectivity to backend core enterprise server.
捕获的网络跟踪 Tcpdump 命令指示 SCG-VE 可以通过端口 443 和 8443 连接 Dell Enterprise 服务器。
Cause
默认情况下,安全连接网关使用 1500 MTU 大小连接到 Dell Enterprise 服务器。但是,客户的 Internet 提供商不允许 1500 MTU 大小。
Resolution
直接在 SCG-VE 上执行以下命令,以将 MTU 大小更改为 1454。
更改 SCG-VE 上 eth0 的 MTU 大小无法解决问题,因为 SCG-VE 上名为“esrsde-app”的其中一个容器连接到戴尔后端。
检查 sae-srs-bridge 的当前 MTU 大小:
ifconfig sae-srs-bridge
# ifconfig sae-srs-bridge
sae-srs-b Link encap:Ethernet HWaddr 02:42:25:62:85:66
inet addr:172.18.0.1 Bcast:172.18.0.7 Mask:255.255.255.248
inet6 addr: fe80::42:25ff:fe62:8566/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2472 errors:0 dropped:0 overruns:0 frame:0
TX packets:2528 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12309976 (11.7 Mb) TX bytes:289066 (282.2 Kb)
在执行任何更改之前先拍摄虚拟机的快照,详情如下:
docker network disconnect sae-srs-bridge saede-app docker network disconnect sae-srs-bridge esrsde-app docker network disconnect sae-srs-bridge esrsalert-app docker network rm sae-srs-bridge docker network create --driver bridge --subnet 172.18.0.1/29 --opt com.docker.network.bridge.name=sae-srs-bridge --opt com.docker.network.driver.mtu=1454 sae-srs-bridge docker network connect sae-srs-bridge esrsde-app docker network connect sae-srs-bridge saede-app docker network connect sae-srs-bridge esrsalert-app
验证:
ifconfig sae-srs-bridge
# ifconfig sae-srs-bridge
sae-srs-b Link encap:Ethernet HWaddr 02:42:DE:D8:AB:D2
inet addr:172.18.0.1 Bcast:172.18.0.7 Mask:255.255.255.248
inet6 addr: fe80::42:deff:fed8:abd2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1454 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:746 (746.0 b)
仅供参考:
如果在上述更改后无法访问 UI,则 重新启动 虚拟机并等待 4 分钟,以便容器初始化。或者重新启动服务 systemctl restart esrsve.service。
Affected Products
Secure Connect Gateway, Secure Connect Gateway - Virtual EditionArticle Properties
Article Number: 000210912
Article Type: Solution
Last Modified: 24 Jul 2024
Version: 4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.