Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
17873
Views
0
Helpful
4
Replies

WHAT IS THE MEANING OF THE FLAG "saA" during a connection establishment

Manjunatha Jayaram
Level 1
Level 1

‎05-10-2007 02:28 AM - edited ‎03-11-2019 03:11 AM

Hi,

I have a pi 515 , and the next hop to it is an internet router.I have the below statements as part of the nat:

---------------------------

global (outside) 1 61.8.146.97

nat (inside) 1 192.168.44.0 255.255.255.0 0 0

---------------------------

When i try to access the lotusnotes server(in the internet cloud) through from the LAN, i get the connection disconnected and when i check the show conn details, i can find that the connection is showing the flag "saA".The next hop internet router has just got a very simple configuration.I have attached the router as well as the firewall configs,kindly suggest where could be the problem.

regards.JK

Labels:
0 Helpful
4 Replies 4

Manjunatha Jayaram
Level 1
Level 1

‎05-10-2007 02:29 AM

the configs are as well attached.need help!!

regards..jk

Preview file
5 KB
0 Helpful

Manjunatha Jayaram
Level 1
Level 1
In response to Manjunatha Jayaram

‎05-10-2007 02:32 AM

Hi,

As told in my first cnversation, i have also attached the show conn for a particular host from the LAN.

# sh conn detail | inc 192.168.44.123

TCP outside:63.110.19.80/1352 inside:192.168.44.123/2113 flags saA

TCP outside:63.110.19.80/1352 inside:192.168.44.123/2112 flags saA

TCP outside:63.110.19.80/1352 inside:192.168.44.123/2111 flags saA

regards..jk

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to Manjunatha Jayaram

‎05-10-2007 02:54 AM

Hi Jk

The saA shows that a syn has been sent to the server on the internet and it is waiting for a response.

There are a number of things that are not clear from the configs but one thing that stands out is that your router does not have a route to 61.8.146.x network.

So you NAT 192.168.44.0 IP's to 61.8.146.97 but your router doesn't know how to get back to that network.

Could you add a router for this network and let me know how you get on.

HTH

Jon

0 Helpful

joshua.walton
Level 1
Level 1

‎05-12-2007 05:49 PM

I see your doing PAT (1 address)

Looking through your configs, your outside global needs to be mapped to the outside by either the 'interface' or IP address. The address you currently have configured is no where in the configs, 61.x.x.97. As this is a routable address, Im thinking you mistaked to use the next-hop IP address from your ISP?

global (outside) 1 192.x.1.2

or

global (outside) 1 interface

Please rate if you are satisfied.

Cheers!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card