[j-nsp] SRX 3600 dropped packets - how to debug?

Alex Arseniev alex.arseniev at gmail.com
Fri May 24 11:05:50 EDT 2013


----- Original Message ----- 
From: "Phil Mayers" <p.mayers at imperial.ac.uk>
To: "Wood, Peter (ISS)" <p.wood at lancaster.ac.uk>
Cc: <juniper-nsp at puck.nether.net>
Sent: Friday, May 24, 2013 12:02 PM
Subject: Re: [j-nsp] SRX 3600 dropped packets - how to debug?


>
> At the moment, the SRX is sitting in front of our "personally owned" VRF; 
> this means all our wireless and wired laptops, and RAS VPN address ranges.

If You run any kind peer-to-peer apps (uTorrent, eMule, etc, also includes 
Skype) then You'll see that outside peers trying to establish LOADS of 
unsolicited connection to Your inside hosts.
And all of them will be dropped unless You enable full cone NAT.
HTH
Thanks
Alex 



More information about the juniper-nsp mailing list