destination unreachable Host administratively prohibited
Hello: i see this periodically zero window with destination unreachable Host administratively prohibited. starting with packet 24. my question is session is gracefully ended with fin-ack on both sides.. why do i see traffic after that. Below is the capture. Also there is no FW between this two hosts. but 192.168.0.1 is zpa app connector .. acting as proxy between remote client and application server (10.10.10.1).. and there is a FW between remote client and zpa app connector.
One thing I noticed, but I doubt if it has anything to do with the issue is that traffic from 192.168.0.1 to 10.0.0.1 is sent to a one Cisco device and the traffic coming back is being forwarded to 192.168.0.1 from a different Cisco device (based on the mac addresses in the trace).
You mentioned that 192.168.0.1 has a proxy role in this connection. I have little experience with Zscaler, so I have no idea if there is connection multiplexing or anything else going on on the incoming connection towards 192.168.0.1. I have seen devices that act as proxy have some sort of spill-over from the client-side of the connection towards the server-side of the connection and vice-versa. It would be interesting to see how this session is handled on the other (client) side of ...(more)