Välj en organisation
Socket Connection Timeouts from CloudHub 1.0 (or) CloudHub 2.0 to Customer AWS Network Through Transit Gateway
Publiceringsdatum: Apr 15, 2026
Beskrivning
After completing the Transit Gateway setup between MuleSoft CloudHub 1.0 (or) CloudHub 2.0 (Private Space) and a customer AWS account, socket connectivity tests from the net-tools application time out:
nc -vz <EC2-private-IP> <port> Ncat: Connection timed out.
This occurs even though:
- The Transit Gateway attachment state shows Available
- Routes in Anypoint Runtime Manager are in Active status with TGW as the target
- The CloudHub 1.0 (or) Private Space CIDR is correctly propagated to the TGW route table
Lösning
The timeout occurs due to missing return routes in the AWS VPC subnet route table.
When MuleSoft's Private Space sends traffic to an EC2 instance in the AWS VPC via the Transit Gateway, the traffic arrives successfully. However, without a return route in the subnet route table pointing back to the MuleSoft Private Space CIDR via the Transit Gateway attachment, the response traffic lacks a return path.
This creates a one-way traffic flow. The connection appears to time out from the MuleSoft side, even though the Transit Gateway and route propagation are configured correctly.
This is a customer-side AWS VPC configuration issue, not a MuleSoft platform issue. MuleSoft Support confirms the MuleSoft-side configuration is correct. The customer's network team must apply the fix in their AWS account.
Resolution
Step 1 – Add Return Routes in the AWS VPC Subnet Route Table
- In your AWS Console, navigate to VPC → Route Tables.
- Select the route table for the subnet with your EC2 instance.
- Click Edit Routes → Add Route.
- Enter the following:
- Destination: MuleSoft Private Space CIDR (e.g.,
172.16.0.0/16). - Target: Select Transit Gateway → choose your Transit Gateway Attachment ID (e.g.,
tgw-attach-XXXXXXXXXX).
- Destination: MuleSoft Private Space CIDR (e.g.,
- Click Save Changes.
Repeat this for every subnet that hosts resources needing to communicate with the MuleSoft Private Space.
Step 2 – Re-test Connectivity from Net-Tools
After adding the return routes, re-run the socket test from the net-tools app:
After adding the return routes, re-run the socket test from the net-tools app:
nc -vz <EC2-private-IP> <port>
Expected output:
Connection to <EC2-private-IP> port <port> [tcp/ssh] succeeded!
Knowledge-artikelnummer
005318656
Löste denna artikel ditt problem?
Berätta för oss vad vi kan förbättra!
