I have an SRX300 which is responding to TCP (PSH,ACK) packets and I don't understand why.
On the 'Trust' side of the SRX300 I have a PC (10.200.0.100) which is attempting to connect on TCP port 2000 to a server on a non directly connected network on the 'Untrust' side (10.75.2.101). The connection keeps failing although from the PC I can ping the server without loss.
I have run a packet trace on the PC and on the router to which the SRX300 connects. So I have a trace from both the Trust and Untrust sides.
Trust side packet capture;
Untrust side packet capture;
The 4th packet from the Trust side packet capture shows a TCP (PSH,ACK) packet from 10.200.0.100 to 10.75.2.101 and the 5th packet shows a TCP (ACK) response.
These packets however do not show on the Untrust side packet capture.
My conclusion therefore is that the SRX300 is responding to the packet from 10.200.0.100 rather than routing it through as expected.
If I take the SRX300 out of the data path then the connection between PC and server works correctly.
Can anyone provide an answer as to what is happening and hopefully a solution?
I have found the cause and resolution to my issue.
TCP port 2000 is the well-known port for SCCP.
The application I was trying to connect to used TCP 2000 but was not using SCCP.
By default the SRX300 has an SCCP ALG enabled.
The SRX300 was therefore seeing my data as SCCP and responded.
Therefore disabling the SCCP ALG fixed the problem.
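The two-sided capture comparison used in this thread can be automated. The sketch below is an added example, not part of the original posts: it flags data segments that were ACKed on the Trust side but never appeared on the Untrust side, and checks the destination port against an illustrative ALG port list. The client port, sequence numbers and port list are constructed, and it assumes no NAT or sequence-number rewriting between the two capture points.

```python
from collections import namedtuple

# One TCP segment as read from a capture (flags as a string such as "PA").
Seg = namedtuple("Seg", "src dst sport dport flags seq ack length")

# Well-known ports of protocols that firewalls commonly attach an ALG to.
# Illustrative list (assumption); the device's own ALG status is authoritative.
ALG_PORTS = {21: "FTP", 554: "RTSP", 1720: "H.323", 2000: "SCCP", 5060: "SIP"}

PC, SRV = "10.200.0.100", "10.75.2.101"

# Constructed captures modelled on the post: handshake on both sides,
# packets 4 (PSH,ACK) and 5 (ACK) only on the Trust side.
TRUST = [
    Seg(PC, SRV, 50000, 2000, "S", 1000, 0, 0),
    Seg(SRV, PC, 2000, 50000, "SA", 5000, 1001, 0),
    Seg(PC, SRV, 50000, 2000, "A", 1001, 5001, 0),
    Seg(PC, SRV, 50000, 2000, "PA", 1001, 5001, 24),
    Seg(SRV, PC, 2000, 50000, "A", 5001, 1025, 0),
]
UNTRUST = TRUST[:3]


def is_reply_ack(reply, data):
    """True if `reply` is the reverse-direction ACK covering `data`."""
    return ((reply.src, reply.sport, reply.dst, reply.dport)
            == (data.dst, data.dport, data.src, data.sport)
            and "A" in reply.flags
            and reply.ack == data.seq + data.length)


def diagnose(trust, untrust):
    """List data segments that were ACKed on the trust side but never forwarded."""
    forwarded = set(untrust)
    findings = []
    for seg in trust:
        if seg.length == 0 or seg in forwarded:
            continue  # pure ACK/SYN, or the segment did reach the far side
        acked = any(is_reply_ack(r, seg) for r in trust)
        findings.append((seg.dport, ALG_PORTS.get(seg.dport), acked))
    return findings


if __name__ == "__main__":
    for port, alg, acked in diagnose(TRUST, UNTRUST):
        print(f"port {port}: not forwarded, locally ACKed={acked}, possible ALG={alg}")
```

A finding with a local ACK and a matching ALG port points at the firewall's ALG handling the flow itself, which is the situation described in the resolution above.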