SRX Services Gateway
Highlighted
SRX Services Gateway

no packet reply in session, SRX.

‎03-12-2018 10:00 PM

Can somebody check my knowledge regarding of the session that has been established by being listed on following command?

 

show security flow session

 

 When i execute the command, i saw the session is listed. So that's mean that the connection has been made and able to passthorugh from SRX device. I got problem regarding to the session, the session is created but no packet reply.sfexample2.jpg

 

 

 

Does the SRX device made any mistake to the cause of that? If don't, what exacly the cause of just by your experience.

 

Any clue would be appreciated.

 

 

 

8 REPLIES
SRX Services Gateway

Re: no packet reply in session, SRX.

‎03-12-2018 10:08 PM

I do not think SRX is having any problem.

 

It is the destination which is not responding to the request packet made by the host.

 

You may check - if is for vpn traffic, you might want to disable the nat and check.

 

If it is an internet traffic, you might want to white list your public ip in their database to start with.

 


*************************************
HTH.
Accept this as solution if it resolved your issue.
Kudos would be appreciated too.
SRX Services Gateway

Re: no packet reply in session, SRX.

[ Edited ]
‎03-12-2018 10:45 PM

 

Apparently it is a public IP, we've check on our dummy public ip interface to test the destination host using telnet check.

telnetexample3.jpg

 

 

 

 

 

 

So it should be opened for any source-address.

 

Then i guessing of the source-address might having problem at 172.14.203.105, the ACL of source host didn't allow the packet comes from the destination host. Am i correct? or is there anything else might close the reason?

SRX Services Gateway

Re: no packet reply in session, SRX.

‎03-12-2018 10:47 PM

essay writing services are identified by their reliability and high quality products. The same applies to top essay writers. There is no way a top essay writing service can host writers who are not qualified academically and professionally My Review Here

Attachments

SRX Services Gateway

Re: no packet reply in session, SRX.

‎03-15-2018 09:28 PM
Hi,

Check your NAT and policies. Even though you have greyed out the IP, I can see there was Port translation in the session detail.

Anand
SRX Services Gateway

Re: no packet reply in session, SRX.

‎03-16-2018 06:55 AM

It is already made. The session has been created. So I have passed the NAT and security policy.

There is no port translation on my configurations, and also no necessary.

SRX Services Gateway

Re: no packet reply in session, SRX.

‎03-17-2018 10:20 AM

You are reading this correctly.  The SRX is permitting the session and not seeing any packets returned to the device.  Some possible causes:

 

The destination server has a restriction so does not reply (you seem to have ruled this out)

The reply comes back to a different place

The nat address on the SRX requires proxy-arp and is not setup

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
SRX Services Gateway

Re: no packet reply in session, SRX.

‎03-18-2018 09:21 PM

Hi spuluka.

 

I found very interesting about the proxy-arp. I have a question, does proxy-arp should be set up of every Source NAT is configured?

SRX Services Gateway

Re: no packet reply in session, SRX.

‎03-19-2018 02:26 AM

Proxy arp is required when the NAT addres is in the same subnet as the outgoing interface but not the same address as the interface itself.

 

https://kb.juniper.net/InfoCenter/index?page=content&id=KB21785

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home