WHAT IS THE MEANING OF THE FLAG "saA" during a connection establishment

Unanswered Question
May 10th, 2007
User Badges:

Hi,


I have a pi 515 , and the next hop to it is an internet router.I have the below statements as part of the nat:

---------------------------

global (outside) 1 61.8.146.97

nat (inside) 1 192.168.44.0 255.255.255.0 0 0

---------------------------

When i try to access the lotusnotes server(in the internet cloud) through from the LAN, i get the connection disconnected and when i check the show conn details, i can find that the connection is showing the flag "saA".The next hop internet router has just got a very simple configuration.I have attached the router as well as the firewall configs,kindly suggest where could be the problem.


regards.JK


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Manjunatha Jayaram Thu, 05/10/2007 - 02:32
User Badges:

Hi,


As told in my first cnversation, i have also attached the show conn for a particular host from the LAN.

# sh conn detail | inc 192.168.44.123

TCP outside:63.110.19.80/1352 inside:192.168.44.123/2113 flags saA

TCP outside:63.110.19.80/1352 inside:192.168.44.123/2112 flags saA

TCP outside:63.110.19.80/1352 inside:192.168.44.123/2111 flags saA


regards..jk

Jon Marshall Thu, 05/10/2007 - 02:54
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi Jk


The saA shows that a syn has been sent to the server on the internet and it is waiting for a response.


There are a number of things that are not clear from the configs but one thing that stands out is that your router does not have a route to 61.8.146.x network.


So you NAT 192.168.44.0 IP's to 61.8.146.97 but your router doesn't know how to get back to that network.


Could you add a router for this network and let me know how you get on.


HTH


Jon

I see your doing PAT (1 address)

Looking through your configs, your outside global needs to be mapped to the outside by either the 'interface' or IP address. The address you currently have configured is no where in the configs, 61.x.x.97. As this is a routable address, Im thinking you mistaked to use the next-hop IP address from your ISP?


global (outside) 1 192.x.1.2


or


global (outside) 1 interface



Please rate if you are satisfied.


Cheers!

Actions

This Discussion