Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] Self traffic getting dropped with the 'packet forself with tag dropped' error message in transparent mode

0

0

Article ID: KB22806 KB Last Updated: 07 Feb 2012Version: 1.0
Summary:
This article describes the issue of self traffic being dropped, with the 'packet forself with tag dropped' error message, in the transparent mode.
Symptoms:
The self traffic to the firewall, in transparent mode, fails if the traffic is tagged. Tagged traffic passing through the firewall works fine.

Customer has a requirement that they need to terminate the VPN on the firewall with tagged VLAN traffic.

The debug logs for ICMP traffic:
****** 98090.0: <V1-Untrust/ethernet0/2> packet received [60]******
ipid = 4426(114a), @034b6834
packet passed sanity check.
packet with vlan 1, vlan-group vlan1, vsd 0
v1-untrust:10.173.60.253/1536->10.174.90.20/1024,1(8/0)<Root>
xpt: packet forself with tag dropped: ethernet0/2
****** 98095.0: <V1-Untrust/ethernet0/2> packet received [60]******
ipid = 4481(1181), @034b8034
packet passed sanity check.
packet with vlan 1, vlan-group vlan1, vsd 0
v1-untrust:10.173.60.253/1792->10.174.90.20/1024,1(8/0)<Root>
xpt: packet forself with tag dropped: ethernet0/2
Cause:

Solution:
A ScreenOS device in VLAN Trunk Mode cannot accept 'tagged to' self traffic (including terminated VPN traffic). It is a known limitation.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search