LATEST UPDATE: Got it working! See the code below for the change I had to make. I had to delete the static NAT that did not include ports and create static NAT for each port. Alternatively, I could have left the existing static NAT and simply placed the endor_33389 rule above it.
will@srx# top show | compare [edit security nat static] ! inactive: rule-set yeti_server { ... } [edit security nat static rule-set endor_server] + rule endor_33389 { + match { + destination-address 1.1.1.73/32; + destination-port 33389; + } + then { + static-nat { + prefix { + 10.0.3.13/32; + mapped-port 3389; + } + } + } + } + rule endor_7777 { + match { + destination-address 1.1.1.73/32; + destination-port 7777; + } + then { + static-nat { + prefix { + 10.0.3.13/32; + mapped-port 7777; + } + } + } + } - rule endor_static { - match { - destination-address 1.1.1.73/32; - } - then { - static-nat { - prefix { - 10.0.3.13/32; - } - } - } - } [edit security nat static] will@srx# top commit commit complete
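Review bot: the root cause is the address-only rule endor_static that this compare removes, not the destination NAT rule-set. Static NAT is evaluated before destination NAT, so a static rule with no destination-port matched every port on 1.1.1.73 and rewrote only the address, leaving the destination port at 33389; that is exactly what the trace shows in the policy lookup (23.24.25.26/30877 -> 10.0.3.13/33389) instead of 10.0.3.13/3389. With the new per-port static rules committed, the destination NAT rule endor_3389 (1.1.1.73:33389 -> dnat-10_0_3_13p3389) can no longer be reached because endor_33389 claims the same traffic first; delete it so two NAT types do not describe the same forwarding. Also, after this change port 3389 on 1.1.1.73 is no longer forwarded at all, which is the narrower exposure and should be intended.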
Thanks for the help, jonashauge. However, it is still not working. I have a security policy, and I have the necessary NAT.
I'm comparing two machines. RDP works for 10.0.3.11:3389 (1.1.1.71:33389) but RDP does NOT work for 10.0.3.13:3389 (1.1.1.73:33389).
What's weird is that 10.0.3.13:7777 (1.1.1.73:7777) works just fine from outside. Because of that, and because 33389 to 3389 gets translated correctly for the 1.1.1.71 IP, the problem has something to do with the way the static NAT is translating 33389 to 3389, or vice versa.
UPDATE: Apparently RDPing to 1.1.1.73:3389 (the default RDP port) DOES work from untrust to trust. However, I want to be translating that port. Why doesn't 1.1.1.73:33389 work?!
See config below:
First there is the definition of my public IP and the proxy-arp for the two consecutive IP numbers (71 and then 72-73), then zone membership:
will@srx# show interfaces vlan.2
family inet {
    address 1.1.1.71/24;
}

will@srx# show security nat proxy-arp
interface vlan.2 {
    address {
        1.1.1.72/32 to 1.1.1.73/32;
    }
}

will@srx# show security zones security-zone untrust
screen untrust-screen;
host-inbound-traffic {
    system-services {
        ping;
        ssh;
        ftp;
    }
}
interfaces {
    vlan.2;
}
Address book entries for the two trust zone RDP destinations:
will@srx# show security address-book trust
address Terminus 10.0.3.11/32;
address Endor 10.0.3.13/32;
attach {
    zone trust;
}
Then my NAT:
will@srx# show security nat destination
pool dnat-10_0_3_11p3389 {
    address 10.0.3.11/32 port 3389;
}
pool dnat-10_0_3_13p3389 {
    address 10.0.3.13/32 port 3389;
}
rule-set port-forwarding {
    from zone untrust;
    rule terminus_3389 {
        match {
            destination-address 1.1.1.71/32;
            destination-port {
                33389;
            }
        }
        then {
            destination-nat {
                pool {
                    dnat-10_0_3_11p3389;
                }
            }
        }
    }
    rule endor_3389 {
        match {
            destination-address 1.1.1.73/32;
            destination-port {
                33389;
            }
        }
        then {
            destination-nat {
                pool {
                    dnat-10_0_3_13p3389;
                }
            }
        }
    }
}

will@srx# show security nat static
rule-set endor_server {
    from interface vlan.2;
    rule endor_static {
        match {
            destination-address 1.1.1.73/32;
        }
        then {
            static-nat {
                prefix {
                    10.0.3.13/32;
                }
            }
        }
    }
}
Finally, my policy:
will@srx# show security policies from-zone untrust to-zone trust
policy terminus-server {
    match {
        source-address any;
        destination-address Terminus;
        application [ TCP_7777 TCP_21025 TCP_3389 ];
    }
    then {
        permit;
        log {
            session-init;
            session-close;
        }
    }
}
policy endor-server {
    match {
        source-address any;
        destination-address Endor;
        application [ TCP_7777 TCP_3389 ];
    }
    then {
        permit;
        log {
            session-init;
            session-close;
        }
    }
}
See below for my traceoptions. I've replaced my source IP with 23.24.25.26. Traceoptions shows it's permitted by policy, but RDP fails.
will@srx# show security flow traceoptions
file mytrace;
flag basic-datapath;
packet-filter untrust-to-trust {
    source-prefix 23.24.25.26/32;
    destination-prefix 1.1.1.73/32;
}
packet-filter trust-to-untrust {
    source-prefix 23.24.25.26/32;
    destination-prefix 23.24.25.26/32;
}
Jan 15 01:38:22 01:38:22.747896:CID-0:RT:<23.24.25.26/30868->1.1.1.73/33389;6> matched filter untrust-to-trust:
Jan 15 01:38:23 01:38:22.747896:CID-0:RT:packet [48] ipid = 18300, @0x43e7c224
Jan 15 01:38:23 01:38:22.747896:CID-0:RT:---- flow_process_pkt: (thd 1): flow_ctxt type 15, common flag 0x0, mbuf 0x43e7c000, rtbl_idx = 0
Jan 15 01:38:23 01:38:22.747896:CID-0:RT: flow process pak fast ifl 71 in_ifp vlan.2
Jan 15 01:38:23 01:38:22.747896:CID-0:RT: vlan.2:23.24.25.26/30868->1.1.1.73/33389, tcp, flag 2 syn
Jan 15 01:38:23 01:38:22.747896:CID-0:RT: find flow: table 0x54e0ea80, hash 5598(0xffff), sa 23.24.25.26, da 1.1.1.73, sp 30868, dp 33389, proto 6, tok 7
Jan 15 01:38:23 01:38:22.747896:CID-0:RT:Found: session id 0xe8ad. sess tok 7
Jan 15 01:38:23 01:38:22.747896:CID-0:RT: flow got session.
Jan 15 01:38:23 01:38:22.747896:CID-0:RT: flow session id 59565
Jan 15 01:38:23 01:38:22.747896:CID-0:RT: vector bits 0x1002 vector 0x4abb6a40
Jan 15 01:38:23 01:38:22.747896:CID-0:RT: tcp 3way refresh, is_half_open:0, tcp_proxy enabled:0, is_fwauth:0
Jan 15 01:38:23 01:38:22.747896:CID-0:RT:flow_xlate_pak
Jan 15 01:38:23 01:38:22.747896:CID-0:RT: post addr xlation: 23.24.25.26->10.0.3.13.
Jan 15 01:38:23 01:38:22.747896:CID-0:RT: post addr xlation: 23.24.25.26->10.0.3.13.
Jan 15 01:38:23 01:38:22.747896:CID-0:RT:skip pre-frag: is_tunnel_if- 0, is_if_mtu_configured- 0
Jan 15 01:38:23 01:38:22.747896:CID-0:RT:mbuf 0x43e7c000, exit nh 0x160010
Jan 15 01:38:23 01:38:22.747896:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)
Jan 15 01:38:23 01:38:23.195079:CID-0:RT:jsf sess close notify
Jan 15 01:38:23 01:38:23.195079:CID-0:RT:flow_ipv4_del_flow: sess 59565, in hash 32
Jan 15 01:38:23 01:38:23.195079:CID-0:RT:flow_ipv4_del_flow: sess 59565, in hash 32
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:<23.24.25.26/30877->1.1.1.73/33389;6> matched filter untrust-to-trust:
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:packet [52] ipid = 18306, @0x43e9a6a4
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:---- flow_process_pkt: (thd 1): flow_ctxt type 15, common flag 0x0, mbuf 0x43e9a480, rtbl_idx = 0
Jan 15 01:39:42 01:39:42.813842:CID-0:RT: flow process pak fast ifl 71 in_ifp vlan.2
Jan 15 01:39:42 01:39:42.813842:CID-0:RT: vlan.2:23.24.25.26/30877->1.1.1.73/33389, tcp, flag 2 syn
Jan 15 01:39:42 01:39:42.813842:CID-0:RT: find flow: table 0x54e0ea80, hash 15406(0xffff), sa 23.24.25.26, da 1.1.1.73, sp 30877, dp 33389, proto 6, tok 7
Jan 15 01:39:42 01:39:42.813842:CID-0:RT: no session found, start first path. in_tunnel - 0x0, from_cp_flag - 0
Jan 15 01:39:42 01:39:42.813842:CID-0:RT: flow_first_create_session
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:First path alloc and instl pending session, natp=0x5746fb70, id=59532
Jan 15 01:39:42 01:39:42.813842:CID-0:RT: flow_first_in_dst_nat: in <vlan.2>, out <N/A> dst_adr 1.1.1.73, sp 30877, dp 33389
Jan 15 01:39:42 01:39:42.813842:CID-0:RT: chose interface vlan.2 as incoming nat if.
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:flow_first_rule_dst_xlate: packet 23.24.25.26->1.1.1.73 nsp2 0.0.0.0->10.0.3.13.
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:flow_first_routing: vr_id 0, call flow_route_lookup(): src_ip 23.24.25.26, x_dst_ip 10.0.3.13, in ifp vlan.2, out ifp N/A sp 30877, dp 33389, ip_proto 6, tos 0
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:Doing DESTINATION addr route-lookup
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:flow_ipv4_rt_lkup success 10.0.3.13, iifl 0x47, oifl 0x48
Jan 15 01:39:42 01:39:42.813842:CID-0:RT: routed (x_dst_ip 10.0.3.13) from untrust (vlan.2 in 0) to vlan.3, Next-hop: 10.0.3.13
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:flow_first_policy_search: policy search from zone untrust-> zone trust (0x114,0x789d826d,0x826d)
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:Policy lkup: vsys 0 zone(7:untrust) -> zone(6:trust) scope:0
Jan 15 01:39:42 01:39:42.813842:CID-0:RT: 23.24.25.26/30877 -> 10.0.3.13/33389 proto 6
Jan 15 01:39:42 01:39:42.813842:CID-0:RT: policy has timeout 900
Jan 15 01:39:42 01:39:42.813842:CID-0:RT: app 0, timeout 1800s, curr ageout 20s
Jan 15 01:39:42 01:39:42.813842:CID-0:RT: permitted by policy mgmt-untrust(8)
Jan 15 01:39:42 01:39:42.813842:CID-0:RT: packet passed, Permitted by policy.
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:flow_first_src_xlate: nat_src_xlated: False, nat_src_xlate_failed: False
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:flow_first_src_xlate: incoming src port is : 30877.
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:flow_first_src_xlate: src nat returns status: 0, rule/pool id: 0/0, pst_nat: False.
Jan 15 01:39:42 01:39:42.813842:CID-0:RT: dip id = 0/0, 23.24.25.26/30877->23.24.25.26/30877 protocol 0
Jan 15 01:39:42 01:39:42.813842:CID-0:RT: choose interface vlan.3(P2P) as outgoing phy if
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:is_loop_pak: No loop: on ifp: vlan.3, addr: 10.0.3.13, rtt_idx:0
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:-jsf : Alloc sess plugin info for session 150323914892
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:[JSF]Normal interest check. regd plugins 27, enabled impl mask 0x0
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:+++++++++++jsf_test_plugin_data_evh: 3
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:[JSF]Plugins(0x0, count 0) enabled for session = 150323914892, impli mask(0x0), post_nat cnt 0 svc req(0x0)
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:-jsf : no plugin interested for session 150323914892, free sess plugin info
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:flow_first_service_lookup(): natp(0x5746fb70): app_id, 0(0).
Jan 15 01:39:42 01:39:42.813842:CID-0:RT: service lookup identified service 0.
Jan 15 01:39:42 01:39:42.813842:CID-0:RT: flow_first_final_check: in <vlan.2>, out <vlan.3>
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:flow_first_final_check: flow_set_xlate_vector.
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:In flow_first_complete_session
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:flow_first_complete_session: pak_ptr is xlated packet
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:flow_first_complete_session, pak_ptr: 0x51f08a88, nsp: 0x5746fb70, in_tunnel: 0x0
Jan 15 01:39:42 01:39:42.813842:CID-0:RT:construct v4 vector for nsp2
Jan 15 01:39:42 01:39:42.813842:CID-0:RT: existing vector list 0x1002-0x4abb6a40.
Jan 15 01:39:42 01:39:42.813842:CID-0:RT: Session (id:59532) created for first pak 1002
Jan 15 01:39:43 01:39:42.813842:CID-0:RT:first pak processing successful
Jan 15 01:39:43 01:39:42.813842:CID-0:RT: flow_first_install_session======> 0x5746fb70
Jan 15 01:39:43 01:39:42.813842:CID-0:RT: nsp 0x5746fb70, nsp2 0x5746fc00
Jan 15 01:39:43 01:39:42.813842:CID-0:RT: make_nsp_ready_no_resolve()
Jan 15 01:39:43 01:39:42.813842:CID-0:RT:flow_ipv4_rt_lkup success 23.24.25.26, iifl 0x47, oifl 0x47
Jan 15 01:39:43 01:39:42.813842:CID-0:RT: route lookup: dest-ip 23.24.25.26 orig ifp vlan.2 output_ifp vlan.2 orig-zone 7 out-zone 7 vsd 0
Jan 15 01:39:43 01:39:42.813842:CID-0:RT: route to 1.1.1.1
Jan 15 01:39:43 01:39:42.813842:CID-0:RT:no need update ha
Jan 15 01:39:43 01:39:42.813842:CID-0:RT:Installing c2s NP session wing
Jan 15 01:39:43 01:39:42.813842:CID-0:RT:Installing s2c NP session wing
Jan 15 01:39:43 01:39:42.813842:CID-0:RT:get NULL sess plugin info 0x5746fb70
Jan 15 01:39:43 01:39:42.813842:CID-0:RT:get NULL sess plugin info 0x5746fb70
Jan 15 01:39:43 01:39:42.813842:CID-0:RT:get NULL sess plugin info 0x5746fb70
Jan 15 01:39:43 01:39:42.813842:CID-0:RT:first path session installation succeeded
Jan 15 01:39:43 01:39:42.813842:CID-0:RT: flow got session.
Jan 15 01:39:43 01:39:42.813842:CID-0:RT: flow session id 59532
Jan 15 01:39:43 01:39:42.813842:CID-0:RT: vector bits 0x1002 vector 0x4abb6a40
Jan 15 01:39:43 01:39:42.813842:CID-0:RT:flow_tcp_wsf_update: wsf 8
Jan 15 01:39:43 01:39:42.813842:CID-0:RT: tcp 3way refresh, is_half_open:0, tcp_proxy enabled:0, is_fwauth:0
Jan 15 01:39:43 01:39:42.813842:CID-0:RT:flow_xlate_pak
Jan 15 01:39:43 01:39:42.813842:CID-0:RT: post addr xlation: 23.24.25.26->10.0.3.13.
Jan 15 01:39:43 01:39:42.813842:CID-0:RT: post addr xlation: 23.24.25.26->10.0.3.13.
Jan 15 01:39:43 01:39:42.813842:CID-0:RT:skip pre-frag: is_tunnel_if- 0, is_if_mtu_configured- 0
Jan 15 01:39:43 01:39:42.813842:CID-0:RT:mbuf 0x43e9a480, exit nh 0x160010
Jan 15 01:39:43 01:39:42.813842:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)
Jan 15 01:39:43 01:39:43.199366:CID-0:RT:jsf sess close notify
Jan 15 01:39:43 01:39:43.199366:CID-0:RT:flow_ipv4_del_flow: sess 59532, in hash 32
Jan 15 01:39:43 01:39:43.199366:CID-0:RT:flow_ipv4_del_flow: sess 59532, in hash 32
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:<23.24.25.26/30877->1.1.1.73/33389;6> matched filter untrust-to-trust:
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:packet [52] ipid = 18307, @0x43df4224
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:---- flow_process_pkt: (thd 1): flow_ctxt type 15, common flag 0x0, mbuf 0x43df4000, rtbl_idx = 0
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: flow process pak fast ifl 71 in_ifp vlan.2
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: vlan.2:23.24.25.26/30877->1.1.1.73/33389, tcp, flag 2 syn
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: find flow: table 0x54e0ea80, hash 15406(0xffff), sa 23.24.25.26, da 1.1.1.73, sp 30877, dp 33389, proto 6, tok 7
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: no session found, start first path. in_tunnel - 0x0, from_cp_flag - 0
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: flow_first_create_session
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:First path alloc and instl pending session, natp=0x57469c80, id=59483
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: flow_first_in_dst_nat: in <vlan.2>, out <N/A> dst_adr 1.1.1.73, sp 30877, dp 33389
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: chose interface vlan.2 as incoming nat if.
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:flow_first_rule_dst_xlate: packet 23.24.25.26->1.1.1.73 nsp2 0.0.0.0->10.0.3.13.
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:flow_first_routing: vr_id 0, call flow_route_lookup(): src_ip 23.24.25.26, x_dst_ip 10.0.3.13, in ifp vlan.2, out ifp N/A sp 30877, dp 33389, ip_proto 6, tos 0
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:Doing DESTINATION addr route-lookup
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:flow_ipv4_rt_lkup success 10.0.3.13, iifl 0x47, oifl 0x48
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: routed (x_dst_ip 10.0.3.13) from untrust (vlan.2 in 0) to vlan.3, Next-hop: 10.0.3.13
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:flow_first_policy_search: policy search from zone untrust-> zone trust (0x114,0x789d826d,0x826d)
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:Policy lkup: vsys 0 zone(7:untrust) -> zone(6:trust) scope:0
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: 23.24.25.26/30877 -> 10.0.3.13/33389 proto 6
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: policy has timeout 900
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: app 0, timeout 1800s, curr ageout 20s
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: permitted by policy mgmt-untrust(8)
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: packet passed, Permitted by policy.
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:flow_first_src_xlate: nat_src_xlated: False, nat_src_xlate_failed: False
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:flow_first_src_xlate: incoming src port is : 30877.
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:flow_first_src_xlate: src nat returns status: 0, rule/pool id: 0/0, pst_nat: False.
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: dip id = 0/0, 23.24.25.26/30877->23.24.25.26/30877 protocol 0
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: choose interface vlan.3(P2P) as outgoing phy if
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:is_loop_pak: No loop: on ifp: vlan.3, addr: 10.0.3.13, rtt_idx:0
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:-jsf : Alloc sess plugin info for session 150323914843
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:[JSF]Normal interest check. regd plugins 27, enabled impl mask 0x0
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:+++++++++++jsf_test_plugin_data_evh: 3
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:[JSF]Plugins(0x0, count 0) enabled for session = 150323914843, impli mask(0x0), post_nat cnt 0 svc req(0x0)
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:-jsf : no plugin interested for session 150323914843, free sess plugin info
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:flow_first_service_lookup(): natp(0x57469c80): app_id, 0(0).
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: service lookup identified service 0.
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: flow_first_final_check: in <vlan.2>, out <vlan.3>
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:flow_first_final_check: flow_set_xlate_vector.
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:In flow_first_complete_session
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:flow_first_complete_session: pak_ptr is xlated packet
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:flow_first_complete_session, pak_ptr: 0x51f08a88, nsp: 0x57469c80, in_tunnel: 0x0
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:construct v4 vector for nsp2
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: existing vector list 0x1002-0x4abb6a40.
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: Session (id:59483) created for first pak 1002
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:first pak processing successful
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: flow_first_install_session======> 0x57469c80
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: nsp 0x57469c80, nsp2 0x57469d10
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: make_nsp_ready_no_resolve()
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:flow_ipv4_rt_lkup success 23.24.25.26, iifl 0x47, oifl 0x47
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: route lookup: dest-ip 23.24.25.26 orig ifp vlan.2 output_ifp vlan.2 orig-zone 7 out-zone 7 vsd 0
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: route to 1.1.1.1
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:no need update ha
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:Installing c2s NP session wing
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:Installing s2c NP session wing
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:get NULL sess plugin info 0x57469c80
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:get NULL sess plugin info 0x57469c80
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:get NULL sess plugin info 0x57469c80
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:first path session installation succeeded
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: flow got session.
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: flow session id 59483
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: vector bits 0x1002 vector 0x4abb6a40
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:flow_tcp_wsf_update: wsf 8
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: tcp 3way refresh, is_half_open:0, tcp_proxy enabled:0, is_fwauth:0
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:flow_xlate_pak
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: post addr xlation: 23.24.25.26->10.0.3.13.
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: post addr xlation: 23.24.25.26->10.0.3.13.
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:skip pre-frag: is_tunnel_if- 0, is_if_mtu_configured- 0
Jan 15 01:39:43 01:39:43.364912:CID-0:RT:mbuf 0x43df4000, exit nh 0x160010
Jan 15 01:39:43 01:39:43.364912:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)
Jan 15 01:39:43 01:39:43.915335:CID-0:RT:<23.24.25.26/30877->1.1.1.73/33389;6> matched filter untrust-to-trust:
Jan 15 01:39:43 01:39:43.915335:CID-0:RT:packet [48] ipid = 18308, @0x43e940a4
Jan 15 01:39:43 01:39:43.915335:CID-0:RT:---- flow_process_pkt: (thd 1): flow_ctxt type 15, common flag 0x0, mbuf 0x43e93e80, rtbl_idx = 0
Jan 15 01:39:43 01:39:43.915335:CID-0:RT: flow process pak fast ifl 71 in_ifp vlan.2
Jan 15 01:39:43 01:39:43.915335:CID-0:RT: vlan.2:23.24.25.26/30877->1.1.1.73/33389, tcp, flag 2 syn
Jan 15 01:39:43 01:39:43.915335:CID-0:RT: find flow: table 0x54e0ea80, hash 15406(0xffff), sa 23.24.25.26, da 1.1.1.73, sp 30877, dp 33389, proto 6, tok 7