09-27-2013 01:38 PM
So im doing work on our DR site. Two diff setup scenarios are failing; NAT over a VPN and routing from one PA to another and out a VPN. I can see the rule letting the packets out so a session should start for the return trip but .. nothing.
Both scenarios show Application incomplete; what are the leading causes of this? Incomplete handshake? So maybe the other side never returns an ack on the tcp handshake? Return routing does not work?
Any inout would be appreciated as im running out of options.
thanks
09-27-2013 01:44 PM
You should take packet capture by filter both source and destinaion ip address.This will make sure you to see if there is a drop or no return.
09-27-2013 01:49 PM
ok, thanks, ill try that
09-27-2013 04:35 PM
You can find the definition for incomplete here: https://live.paloaltonetworks.com/docs/DOC-1549
As for the traffic, you can also look at the sessions to see if there are any packets from server to client. You can view this data from GUI through Monitor -> Traffic logs -> Click on the magnifying glass and look for packets sent and packets received. From cli you can do: show session all filter <interesting traffic> and show session id <id>. You can also look at the global counters to see if there are any drops.
You can alos refer to these documents for troubleshooting using counters & captures:
09-27-2013 09:40 PM
Incomplete denotes a lack of a tcp handshake. Syn packets allowed but never getting a syn-ack from the destination device. Perform client pcaps and span port on switch to help determine where those syn-acks are going if in fact the server is sending them.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!