Hi Guys, wonder if someone has a theory on this.
Capture running on inside of ISR, and capture running on Juniper and 3rd party sever.
My server > ISR4451-X VPN/NAT > Internet > Juniper SSG550M > 3rd party server
My server initiates SSH traffic using multiple source ports all day. Intermittently we see a normal close down of a TCP session, FIN, FINACK, ACK in our capture, however the 3rd party server capture sees a RST, rather than a FIN.
My understanding, the Cisco router will take the traffic and push it down the VPN tunnel, whereas the Juniper firewall is more likely to be checking state, sequence numbers, etc...
Question - Would the Cisco router in any circumstance convert a FIN in to a RST?
Thanks in advance for your answers, any further questions let me know.
Regards
Andy