application incomplete no internet access

L3 Networker

Hi Guys,

 

We are seeing traffic for the new subnet we added recently coming up as incomplete and need some help to troubleshoot this.

 

 incomplete traffic no internet access.jpg

Cheers,

Mykhaylo

1 ACCEPTED SOLUTION

 

OK, the PCAP from the client on the affected subnet shows only SYN packets. The Palo Alto PCAP shows SYN, SYN-ACK from the server, and that is it.

Another subnet is successfully using the Internet. Screenshots below:

 

Subnet 10.94.156.0/24 UN-SUCCESSFUL

 

UNSUCCESSFUL.png

 

Subnet 10.94.159.0/24 SUCCESSFUL

 

SUCCESSFUL.png

 

Routing back to the host??

6 REPLIES 6

L5 Sessionator

Either the response doesn't find its way back (routing) or something in front of the PA drops these SYN packets.

Going to do PCAP. Let you know 

L3 Networker

Clicked on "me too" by mistake.

 

Anyway:

Have you tried assigning the IP address you are using for source NAT to an interface, as a secondary IP just for troubleshooting purposes, and then pinging the next hop using that NATted IP address as the source?

Also try sending a G-ARP packet after that to see the results.

The above step is just to see whether that IP has back-and-forth reachability from the Internet or not, because if that IP itself is not reachable as a source to the next hop, the host machines will never be able to reach the Internet using it as the NATted source IP address.

Also, please let me know whether you are using a single VR or two virtual routers.

 

 

 

Just a quick update. Routing issue. The packet is not getting back to the affected subnet when the Palo sends a SYN-ACK packet. Thank you all.

Cool. Thought it might be.
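
The capture comparison that settled this thread (the client sees only SYN, the firewall sees SYN and SYN-ACK and nothing after), written out as an added example that is not from any poster: it compares the handshake steps seen at both capture points and names the segment where the flow breaks. Host addresses, ports and the server address 203.0.113.10 are constructed, and the firewall capture is assumed to show the client's pre-NAT addresses.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10  # TCP flag bits

def stages(packets):
    """Map each flow (client, cport, server, sport) to the handshake steps seen."""
    seen = defaultdict(set)
    for src, sport, dst, dport, flags in packets:
        if flags & SYN and not flags & ACK:
            seen[(src, sport, dst, dport)].add("SYN")
        elif flags & SYN:
            seen[(dst, dport, src, sport)].add("SYN-ACK")
        elif flags & ACK and "SYN-ACK" in seen.get((src, sport, dst, dport), ()):
            seen[(src, sport, dst, dport)].add("ACK")
    return seen

def diagnose(client_cap, fw_cap):
    """Compare the client-side and firewall-side view of every flow."""
    client, fw = stages(client_cap), stages(fw_cap)
    verdicts = {}
    for flow in sorted(set(client) | set(fw)):
        c, f = client.get(flow, set()), fw.get(flow, set())
        if "ACK" in f:
            verdicts[flow] = "handshake complete"
        elif "SYN-ACK" in f and "SYN-ACK" not in c:
            verdicts[flow] = "SYN-ACK lost between firewall and client: check return route to client subnet"
        elif "SYN-ACK" in f:
            verdicts[flow] = "client ACK not seen at firewall: check client-to-firewall path"
        elif "SYN" in f:
            verdicts[flow] = "no SYN-ACK at firewall: check upstream path and NAT address reachability"
        else:
            verdicts[flow] = "SYN never reached firewall: check client-to-firewall path"
    return verdicts

# Constructed sample captures (hosts, ports and server address are made up).
BAD, GOOD, SRV = "10.94.156.10", "10.94.159.10", "203.0.113.10"
CLIENT_CAP = [
    (BAD, 50001, SRV, 443, SYN), (BAD, 50001, SRV, 443, SYN),   # retransmitted SYN
    (GOOD, 50002, SRV, 443, SYN), (SRV, 443, GOOD, 50002, SYN | ACK),
    (GOOD, 50002, SRV, 443, ACK),
]
FW_CAP = [
    (BAD, 50001, SRV, 443, SYN), (SRV, 443, BAD, 50001, SYN | ACK),
    (GOOD, 50002, SRV, 443, SYN), (SRV, 443, GOOD, 50002, SYN | ACK),
    (GOOD, 50002, SRV, 443, ACK),
]

if __name__ == "__main__":
    for flow, verdict in diagnose(CLIENT_CAP, FW_CAP).items():
        print(flow, "->", verdict)
```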
