Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
221
Views
0
Helpful
1
Replies

The dissapearing FIN, and appearing RST

andrewmcglasson
Level 1
Level 1

‎03-14-2016 01:43 AM - edited ‎03-05-2019 03:33 AM

Hi Guys, wonder if someone has a theory on this.

Capture running on inside of ISR, and capture running on Juniper and 3rd party sever.

My server > ISR4451-X VPN/NAT > Internet > Juniper SSG550M > 3rd party server

My server initiates SSH traffic using multiple source ports all day. Intermittently we see a normal close down of a TCP session, FIN, FINACK, ACK in our capture, however the 3rd party server capture sees a RST, rather than a FIN.

My understanding, the Cisco router will take the traffic and push it down the VPN tunnel, whereas the Juniper firewall is more likely to be checking state, sequence numbers, etc...

Question - Would the Cisco router in any circumstance convert a FIN in to a RST?

Thanks in advance for your answers, any further questions let me know.

Regards

Andy

Labels:
0 Helpful
1 Reply 1

aftabsiddiqui
Level 1
Level 1

‎03-14-2016 04:58 PM

There is no reason for router to convert a FIN to a RST... I've seen similar behavior in past, once with a SAP implementation but just a corner case (or maybe no one ever discovered it after that).

Please refer to this post.

https://supportforums.cisco.com/discussion/11300361/tcp-rst-packet

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card