[j-nsp] tcp reset on srx
ashish verma
ashish.scit at gmail.com
Tue Jan 17 02:01:08 EST 2012
Yes it is "reject".
Just found out that it is only over the IPSEC tunnel. Without IPSEC tunnel
it seems to be working.
On Tue, Jan 17, 2012 at 4:07 PM, Ben Dale <bdale at comlinx.com.au> wrote:
>
> Ashish,
>
> On 17/01/2012, at 1:19 PM, ashish verma wrote:
>
> > In our SRX deployment I am seeing an issue where client does not receive
> a
> > ICMP message back after getting denied by the policy.
> >
> > I can see that packet got dropped by the policy and SRX generates the
> > tcp-rst but client does not receive anything.
>
> Can you confirm that your policy action is "reject" and not "deny"?
> Otherwise the traffic will be dropped silently.
>
> Cheers,
>
> Ben
>
>
More information about the juniper-nsp
mailing list