Junos OS

Expand all | Collapse all

SRX300 - why is it responding to TCP packet when its not the destination IP address

Jump to Best Answer
  • 1.  SRX300 - why is it responding to TCP packet when its not the destination IP address

    Posted 04-17-2018 08:00

     

    I have an SRX300 which is reponding to TCP (PSH,ACK) packets and I don't understand why.

    On the 'Trust' side of the SRX300 I have a PC (10.200.0.100) which is attempting to connect on TCP port 2000 to a server on a non directly connected network on the 'Untrust' side (10.75.2.101). The connection keeps failing although from the PC I can ping the server without loss.

     

    I have run a packet trace on the PC and on the router to which the SRX300 connects. So I have a trace from both the Trust and Untrust sides.

     

    Trust side packet capture;

    Trust-Side.JPG

    Untrust side packet capture;

    UnTrust-Side.JPG

     The 4th packet from the Trust side packet capture shows a TCP (PSH,ACK) packet from 10.200.0.100 to 10.75.2.101 and the 5th packet shows a TCP (ACK) response.

    These packets however do not show on the Untrust side packet capture.

    My conclusion therefore is that the SRX300 is responding to the packet from 10.200.0.100 rather than routing it through as expected.

    If I take the SRX300 out of the data path then the connection between PC and server works correctly.

     

    Can anyone provide an answer as to what is happening and hopefully a solution?

     



  • 2.  RE: SRX300 - why is it responding to TCP packet when its not the destination IP address
    Best Answer

    Posted 04-17-2018 09:01

    I have found the casue and resolution to my issue.

     

    TCP port 2000 is the well known port for SCCP.

    The application I was trying to connect to used TCP 2000 but was not using SCCP.

     

    By default the SRX300 has an SCCP ALG enabled.

    The SRX300 was therefore seeing my data as SCCP and responded.

     

    Therefore disabling the SCCP ALG fixed the problem.