Okay, I don’t know what is wrong, bit there a couple of points that need clarification. The two differences I see between .5.20 and .5.27 are that .5.20 is showing a mss of 1380, and a ttl of 127, whereas as .5.27 is showing a mss of 1408 and a ttl of 126. To me this starts to suggest that there is a problem with the path MTU since every IP packet also seems to have the don’t fragment flags set. Has someone made any manual registry entires to .5.20 regarding mss size? Or is ICMP being blocked somewhere in the network? The difference in ttl seems to suggest that traffic from .5.27 is hitting another Layer 3 device before it’s getting to the MX as it’s being decremented one more than the .5.20 device - what would this device be? (Unless of course someone has changed the default ttl, which I find unlikely).
... View more