Project

General

Profile

Actions

Bug #8964

open

IPsec async cryptography advanced setting - TCP traffic not passing through

Added by Vladimir Lind about 3 years ago. Updated 12 months ago.

Status:
New
Priority:
High
Assignee:
Category:
IPsec
Target version:
Start date:
09/27/2018
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.4
Affected Architecture:

Description

Test setup:

Windows <-> SG2220 2.4.4-rel <---IPSEC---> SG3100 2.4.4-rel <-> Windows

IPsec (tunnel mode) with following settings:
P1 - mode Auto, AES128, SHA256, DH14
P2 - AES128GCM, no hash, PFS 14

ICMP between Win hosts is OK.
But SMB traffic is not going through with Async Crypto enabled on any side. I do see established TSP session. When I disable async crypto - SMB download immediately begin to flow.
Attached a packet dump sniffed on LAN of the 3100 - it is a snippet of the moment when async was disabled (lines 12-15) and SMB began to work.

Please refer also to trouble tickets 12812 and 12864 for additional details.


Files

dump_capt_on_lan.pcap (11.9 KB) dump_capt_on_lan.pcap Vladimir Lind, 09/27/2018 02:19 AM
Actions

Also available in: Atom PDF