I am seeing strange flags in the output of 'show conn' that seem incorrect to me, and I'm hoping someone can explain why.
According to command ref:
f = inside FIN
F = outside FIN
r = inside acknowledged FIN
R = outside acknowledged FIN
I = inbound data
O = outbound data
...so, how can I have connections with flags of: UFRIO ??
To me, this translates to a connection that is Up, has had data both In and Out, has seen a FIN from the outside, has seen the outside Acknowledge a FIN, but has NOT seen a FIN from the inside. How can the outside acknowledge a FIN that hasn't been sent?!
These connections eventually close with FIN timeout, so there is something blocking the FIN in one direction.
I have configured 'sysopt connection timewait' on all the Cisco firewalls along the path just in case these are simultaneous closes, but I still see these connections stuck for 10 minutes. I suspect a Juniper firewall, but this does not explain the odd FLAGS...
Any suggestions very welcome!