Documentation Index

Fetch the complete documentation index at: https://docs.crossworkassurance.cisco.com/llms.txt

Use this file to discover all available pages before exploring further.

New: Try our AI‑powered Search (Ctrl + K) — Read more

Network Connectivity Checklist

Prev Next

Overview

Use this guide to diagnose and resolve connectivity issues between Sensor Agents, Sensor Collector, and Cisco Crosswork Assurance.

Quick Diagnostic Checklist

  • Verify network connectivity with curl/telnet
  • Check firewall rules for required ports
  • Validate DNS resolution
  • Confirm TLS/SSL certificates are valid
  • Review Docker networking configuration

Sensor Agent to Sensor Collector Connectivity

Using Curl to Check Connectivity

From within the container, test connectivity to Sensor Collector ports:

# Enter the container
sudo docker exec -it <CONTAINER_ID> /bin/bash -l

# Test management port (default 55777)
curl -k -vvv https://path.to.sensorcollector:55777

# Test data port (default 55888)
curl -k -vvv https://path.to.sensorcollector:55888

Expected Result: Connection details if successful, or timeout if blocked.

Common Causes of Connection Timeouts

  1. Local firewall blocking outbound connections
  2. Network firewall between agent and Sensor Collector
  3. Incorrect port configuration

Enabling LWS (Libwebsockets) Debugging

For detailed connection traces:

# Management connection debugging
docker exec -it <ContainerId> /usr/bin/agentStatus management debug lws err,info,warn,notice,debug,parser,header,ext,client,latency

# Data connection debugging
docker exec -it <ContainerId> /usr/bin/agentStatus data debug lws err,info,warn,notice,debug,parser,header,ext,client,latency

Checking Crosswork Assurance Reachability

Test Port 443 Connectivity

curl -fv https://<your-instance>.crossworkassurance.cisco.com

Expected Output:

* Connected to <your-instance>.crossworkassurance.cisco.com (203.0.113.10) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1

Docker Routing Issues

If curl/telnet works but the container cannot reach the target:

# Restart Docker service to reset routing rules
sudo systemctl stop docker && sudo systemctl start docker

TLS/SSL Troubleshooting

TLS Timeout Error

If you see: Connection error: Timed out waiting SSL

Common Cause: MTU mismatch between network interfaces and Docker.

Diagnosis:

ip link

Check if any interface (e.g., VPN) has a lower MTU than Docker's default 1500.

TLS Debugging Checklist

  • Verify system time is correct (NTP recommended)
  • Check for man-in-the-middle proxies/gateways
  • Confirm TLS/SSL is not blocked by firewall
  • Use openssl s_client to debug handshake

Required Ports Reference

Direction Protocol Port Purpose Required?
Outbound TCP 55777 Agent management (WebSocket) Yes
Outbound TCP 55888 Performance data (WebSocket) Yes
Outbound TCP 443 Sensor Collector to Crosswork Assurance Yes
Outbound UDP/TCP 53 DNS resolution If using FQDNs
Inbound UDP 862 TWAMP reflector If reflector enabled
Inbound TCP/UDP 5201 iPerf3 throughput If reflector enabled

© 2026 Cisco and/or its affiliates. All rights reserved.

For more information about trademarks, please visit:
Cisco trademarks 
For more information about legal terms, please visit:
Cisco legal terms