SSH broken pipe - asymmetric routing issue?
-
Hi,
I am receiving a broken pipe when I SSH to a machine in a different subnet. My research indicates it is linked to asymmetric routing - but I am not experienced enough to diagnose it properly. I have two interfaces:
LAN: 10.10.0.0/24
CORE: 10.10.10.0/24
Each has its own physical NIC and there are no VLANs. When I SSH to a server in the LAN network from the CORE network, after about 30 seconds the session hangs and then terminates with:
packet_write_wait: Connection to 10.10.0.79 port 22: Broken pipe
I have looked in the logs and can't find anything that is happening when the session is terminating.
If I am directly patched into the LAN network I do not experience broken pipes. It is only when patched into the CORE network.
Looking for suggestions to diagnose the problem.
Thanks
I have the following firewall rules set up:
LAN

States | Protocol | Source | Port | Destination | Port | Gateway | Queue | Schedule | Description
0 /61.09 MiB | * | * | * | LAN Address | 443, 80, 22 | * | * | | Anti-Lockout Rule
0 /46.25 GiB | IPv4 * | LAN net | * | * | * | * | none | | Default allow LAN to any rule
0 /0 B | IPv6 * | LAN net | * | * | * | * | none | | Default allow LAN IPv6 to any rule

CORE

States | Protocol | Source | Port | Destination | Port | Gateway | Queue | Schedule | Description
167 /45.82 GiB | IPv4 * | CORE net | * | * | * | * | none | | Default allow CORE to any rule
0 /0 B | IPv6 * | CORE net | * | * | * | * | none | |
-
I have done some diagnosis and I realise that the traffic is coming back from a second NIC. So it is indeed asymmetric routing.
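An added example (not from this thread) of the check behind that diagnosis: parse a packet capture taken on the firewall and flag TCP flows that are seen in only one direction, which is how a reply path that bypasses the firewall looks from its state table. The capture lines, interface names (em1 for CORE, em0 for LAN) and addresses are constructed for the example.

```python
import re

# Constructed capture lines (not from the poster's firewall), in a simplified
# tcpdump shape: "<iface> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>]".
# em1 plays the CORE-side NIC and em0 the LAN-side NIC of the firewall.
SAMPLE_CAPTURE = """\
em1 IP 10.10.10.5.51234 > 10.10.0.79.22: Flags [S]
em1 IP 10.10.10.5.51234 > 10.10.0.79.22: Flags [.]
em1 IP 10.10.10.5.51234 > 10.10.0.79.22: Flags [P.]
em1 IP 10.10.10.5.51235 > 10.10.0.50.443: Flags [S]
em0 IP 10.10.0.50.443 > 10.10.10.5.51235: Flags [S.]
em1 IP 10.10.10.5.51235 > 10.10.0.50.443: Flags [.]
"""

LINE_RE = re.compile(
    r"^(?P<iface>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

def parse_capture(text):
    """Yield (iface, src, sport, dst, dport, flags) for each line that matches."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield (m["iface"], m["src"], int(m["sport"]),
                   m["dst"], int(m["dport"]), m["flags"])

def classify_flows(records):
    """Group packets by TCP flow (endpoints in canonical order, so both
    directions of one connection share an entry) and note the interface per direction."""
    flows = {}
    for iface, src, sport, dst, dport, flags in records:
        a, b = (src, sport), (dst, dport)
        key = (a, b) if a <= b else (b, a)
        flow = flows.setdefault(key, {"dirs": {}, "syn": False, "synack": False})
        direction = "a->b" if (a, b) == key else "b->a"
        flow["dirs"].setdefault(direction, set()).add(iface)
        flow["syn"] |= flags == "S"
        flow["synack"] |= flags == "S."
    return flows

def one_way_flows(flows):
    """Flows seen in only one direction at the capture point. A SYN with no
    SYN-ACK here, while the client still gets a session, means the reply takes
    a path that bypasses this host, so its state is dropped after the timeout."""
    return {k: v for k, v in flows.items() if len(v["dirs"]) == 1}

if __name__ == "__main__":
    print(one_way_flows(classify_flows(parse_capture(SAMPLE_CAPTURE))))
```

On a real firewall the input would be the output of a capture on each interface; the SSH flow to 10.10.0.79:22 above shows only the CORE-side direction, while the 443 flow is symmetric.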
-
@bryon I decided the simplest and most secure way forward is to create a jumpbox with two NICs. I ssh to the jumpbox when I need to access the management LAN.
I plan to add a web proxy to the jumpbox so I can access web-based machines in the management LAN.
If anyone has alternate ideas then I'd love to hear them.