application incomplete no internet access

Reply
L3 Networker

application incomplete no internet access

Hi Guys,

 

We are seeing the traffic for the new subnet we added recently are coming as incomplete and need some help to troubleshoot this.

 

 incomplete traffic no internet access.jpg

Cheers,

Mykhaylo

L5 Sessionator

Re: application incomplete no internet access

Either response doesn't find the way back (routing) or something in front of PA drops these SYN packets.

L3 Networker

Re: application incomplete no internet access

Going to do PCAP. Let you know 

Highlighted
L3 Networker

Re: application incomplete no internet access

By  mistake clicked on me too. 

 

Anyways :

------------------------

 

Have you tried assigning that IP address you are using for source NAT on any interface like a secondary ip just for troubleshooting purposes and then try pinging to the next  hop using that natted ip  address as a source.

Also try sending a G-arp  packet after the same to see the resluts 

 

The above step is just to see that Ip has a back and forth reachability  from the internet or not 

as if that ip itself is not rechable as a source to the next hop the host machines will never be able to reach to the internel  using that as a natted source ip address

 

Also please let me know are you  using single VR or 2 virtual routers.

 

 

L3 Networker

Re: application incomplete no internet access

 

Ok PCAP from the client affected subnet shows only syn packets. Palo Alto PCAP shows syn, syn-ack from the server and that is it.

Another subnet successfully using Internet . Below screen shot:

 

Subnet 10.94.156.0/24 UN-SUCCESSFUL

 

UNSUCCESSFUL.png

 

Subnet 10.94.159.0/24 SUCCESSFUL

 

SUCCESSFUL.png

 

Routing back to the host??

L3 Networker

Re: application incomplete no internet access

Just a  quick update. Routing issue. Packet is not getting back to the affected subnet when Palo sends a syn-ack packet. Thank you all

L5 Sessionator

Re: application incomplete no internet access

Cool. Thougth it might be.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!