[j-nsp] tcp reset on srx
ashish verma
ashish.scit at gmail.com
Mon Jan 16 22:19:28 EST 2012
Hi All,
In our SRX deployment I am seeing an issue where client does not receive a
ICMP message back after getting denied by the policy.
I can see that packet got dropped by the policy and SRX generates the
tcp-rst but client does not receive anything.
Here is the traceoption log
Jan 16 18:59:25 18:59:24.1596505:CID-01:FPC-08:PIC-00:THREAD_ID-11:RT:
**** pak processing end.
Jan 16 18:59:25
18:59:24.1596527:CID-01:FPC-08:PIC-00:THREAD_ID-11:RT:Denied by policy
150,*generating
icmp/tcp-rst*
Jan 16 18:59:25 18:59:24.1596538:CID-01:FPC-08:PIC-00:THREAD_ID-11:RT:
packet dropped, denied by policy
Jan 16 18:59:25 18:59:24.1596549:CID-01:FPC-08:PIC-00:THREAD_ID-11:RT:
packet dropped, policy deny.
Anyone else has seen this issue or have any suggestions?
More information about the juniper-nsp
mailing list