Re: Port Forwarding not working always with Juniper SSG140

From: Radioactive Frog <pbhatkoti_at_gmail.com>
Date: Thu, 27 Jan 2011 23:29:31 +1100

Can you post your config?

On Tue, Jan 25, 2011 at 11:05 PM, Shahid <bxperts_at_gmail.com> wrote:

> Dear Experts,
>
> I am diagnosing an issue and looking for your help. Traffic from
> outside reaches the internal server fine from ISP1 but sometimes has
> trouble from ISP2.
>
> The ADSL connections are terminated on two separate Cisco routers. The
> Juniper SSG140 firewall is connected to both ISPs' routers over Ethernet.
>
> From both ISPs, the public IP addresses are mapped (port forwarding) to
> the same internal server, which has HTTP, HTTPS, POP3 and SMTP. The traffic
> from ISP1 reaches the server, while traffic from ISP2 reaches it sometimes
> but often does not.
>
> I have used the following methods to trace the issue.
>
> 1. I checked the IP address of ISP2 using an online port scanner, and
> the results show the port as sometimes reachable and sometimes not.
>
> 2. The syslog message from the SSG140 shows: service=pop3
> proto=6 src zone=Untrust dst zone=Trust action=Permit sent=78 *rcvd=0*
>
> 3. On one remote PC I used Wireshark and noticed that the remote host
> sent the SYN message and was waiting for the acknowledgment.
>
> Can this be an issue with the ISP router, if that one is sometimes
> blocking SYN packets?
>
> *For Juniper Experts.*
>
> Both ISP interfaces are in the Untrust zone and have the same type of
> firewall policies.
>
> Regards,
>
> Shahid
>
> Kuwait
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Received on Thu Jan 27 2011 - 23:29:31 ART
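
Added example, not part of the original thread: a small triage script that tallies, per service, the sessions the firewall permitted but logged with rcvd=0, the pattern highlighted in the quoted syslog entry. The sample lines are constructed and use only the fields quoted in the post; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines using only the fields quoted in the post
# (service, proto, src zone, dst zone, action, sent, rcvd); real entries carry more.
SAMPLE_LOG = """\
service=pop3 proto=6 src zone=Untrust dst zone=Trust action=Permit sent=78 rcvd=0
service=pop3 proto=6 src zone=Untrust dst zone=Trust action=Permit sent=412 rcvd=1893
service=http proto=6 src zone=Untrust dst zone=Trust action=Permit sent=78 rcvd=0
service=http proto=6 src zone=Untrust dst zone=Trust action=Permit sent=78 rcvd=0
service=smtp proto=6 src zone=Untrust dst zone=Trust action=Deny sent=0 rcvd=0
this line is not a traffic log entry
"""

# "src zone" and "dst zone" are keys that contain a space; all others are one word.
FIELD_RE = re.compile(r"(?:^|\s)((?:src|dst) zone|\w+)=(\S+)")

def parse_line(line):
    """Return the key=value fields of one log line as a dict (empty if none)."""
    return {k: v for k, v in FIELD_RE.findall(line)}

def one_way_sessions(log_text):
    """Per service, count permitted TCP sessions and those with sent>0 and rcvd=0."""
    stats = defaultdict(lambda: {"permitted": 0, "no_reply": 0})
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("action") != "Permit" or f.get("proto") != "6":
            continue
        try:
            sent, rcvd = int(f["sent"]), int(f["rcvd"])
        except (KeyError, ValueError):
            continue  # truncated or malformed entry
        s = stats[f.get("service", "unknown")]
        s["permitted"] += 1
        if sent > 0 and rcvd == 0:
            s["no_reply"] += 1
    return dict(stats)

if __name__ == "__main__":
    for service, s in sorted(one_way_sessions(SAMPLE_LOG).items()):
        print(f"{service}: {s['no_reply']}/{s['permitted']} permitted sessions logged rcvd=0")
```
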