SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  no packet reply in session, SRX.

    Posted 03-12-2018 22:00

    Can somebody check my knowledge regarding a session that has been established, as listed by the following command?

     

    show security flow session

     

    When I execute the command, I see the session is listed. So that means that the connection has been made and is able to pass through the SRX device. I have a problem regarding the session: the session is created but there is no packet reply.

    Did the SRX device make any mistake that caused that? If not, what exactly is the cause, in your experience?

     

    Any clue would be appreciated.

     

     

     



  • 2.  RE: no packet reply in session, SRX.

    Posted 03-12-2018 22:08

    I do not think SRX is having any problem.

     

    It is the destination which is not responding to the request packet made by the host.

     

    You may check: if it is for VPN traffic, you might want to disable the NAT and check.

     

    If it is internet traffic, you might want to whitelist your public IP in their database to start with.

     



  • 3.  RE: no packet reply in session, SRX.

    Posted 03-12-2018 22:45

     

    Apparently it is a public IP; we've checked from our dummy public IP interface to test the destination host using a telnet check.


    So it should be opened for any source-address.

     

    Then I am guessing the source-address 172.14.203.105 might be having a problem: the ACL of the source host didn't allow the packet coming from the destination host. Am I correct? Or is there anything else that might be close to the reason?



  • 4.  RE: no packet reply in session, SRX.

     
    Posted 03-15-2018 21:29
    Hi,

    Check your NAT and policies. Even though you have greyed out the IP, I can see there was Port translation in the session detail.

    Anand


  • 5.  RE: no packet reply in session, SRX.

    Posted 03-16-2018 06:55

    It is already made. The session has been created. So I have passed the NAT and security policy.

    There is no port translation in my configuration, and it is also not necessary.



  • 6.  RE: no packet reply in session, SRX.

    Posted 03-17-2018 10:21

    You are reading this correctly.  The SRX is permitting the session and not seeing any packets returned to the device.  Some possible causes:

     

    The destination server has a restriction so does not reply (you seem to have ruled this out)

    The reply comes back to a different place

    The NAT address on the SRX requires proxy-arp and it is not set up

     



  • 7.  RE: no packet reply in session, SRX.

    Posted 03-18-2018 21:22

    Hi spuluka.

     

    I found the point about proxy-arp very interesting. I have a question: should proxy-arp be set up for every Source NAT that is configured?



  • 8.  RE: no packet reply in session, SRX.

    Posted 03-19-2018 02:26

    Proxy-arp is required when the NAT address is in the same subnet as the outgoing interface but not the same address as the interface itself.

     

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB21785

     






  • 10.  RE: no packet reply in session, SRX.
    Best Answer

    Posted 07-07-2020 01:27

    A long post... I figured out that there was a problem with the route back. The next router didn't show the route back to the translated source IP address properly. Thanks, people.
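
The two return-path causes raised in this thread (proxy-arp in reply 8, a missing route back to the translated address in reply 10) can be checked from the egress interface address and the source-NAT pool. The following is an added example, not part of any post in the thread: the function names, the interface name `ge-0/0/0.0` and the documentation-range addresses are assumptions, and the emitted lines use the Junos `set security nat proxy-arp` statement.

```python
import ipaddress

def return_path_requirement(interface_cidr, pool_first, pool_last=None):
    """Sort IPv4 source-NAT pool addresses by what return traffic depends on."""
    iface = ipaddress.ip_interface(interface_cidr)   # egress interface, e.g. 203.0.113.3/29
    first = ipaddress.ip_address(pool_first)
    last = ipaddress.ip_address(pool_last or pool_first)
    if last < first:
        raise ValueError("pool_last is lower than pool_first")
    need = {"interface": [], "proxy-arp": [], "route": []}
    for n in range(int(first), int(last) + 1):
        addr = ipaddress.ip_address(n)
        if addr == iface.ip:
            need["interface"].append(addr)    # SRX already answers ARP for it
        elif addr in iface.network:
            need["proxy-arp"].append(addr)    # same subnet, not the interface address
        else:
            need["route"].append(addr)        # next hop needs a route back via the SRX
    return need

def proxy_arp_commands(ifname, addrs):
    """Collapse consecutive addresses into Junos proxy-arp statements."""
    cmds, run = [], []
    for a in sorted(addrs) + [None]:          # None flushes the final run
        if run and (a is None or int(a) != int(run[-1]) + 1):
            cmd = f"set security nat proxy-arp interface {ifname} address {run[0]}/32"
            if len(run) > 1:
                cmd += f" to {run[-1]}/32"
            cmds.append(cmd)
            run = []
        if a is not None:
            run.append(a)
    return cmds

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges, assumed interface name).
    need = return_path_requirement("203.0.113.3/29", "203.0.113.2", "203.0.113.5")
    print("\n".join(proxy_arp_commands("ge-0/0/0.0", need["proxy-arp"])))
    for addr in return_path_requirement("203.0.113.3/29", "198.51.100.10")["route"]:
        print(f"{addr}: upstream router must route this address back to the SRX")
```

A pool address that lands in the `route` bucket matches the situation in the accepted answer: the session is created on the SRX, but replies never arrive until the next router has a route to the translated address.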