03-14-2010 10:42 PM - edited 03-11-2019 10:21 AM
Hello,
I have noticed that some entries in show conn command starting with ESP like following
ESP outside 207.241.148.226 dmz internal-server, idle 0:00:00, bytes 0
ESP outside 61.17.217.48 dmz internal-server, idle 0:00:01, bytes 0
ESP outside 64.18.2.161 dmz internal-server, idle 0:00:01, bytes 0
ESP outside 77.203.92.39 dmz internal-server, idle 0:00:04, bytes 0
ESP outside 209.85.210.178 dmz internal-server, idle 0:00:04, bytes 0
What is the meaning of this output?
Dileep
03-15-2010 09:57 AM
dileepsp123 wrote:
Hello,
I have noticed that some entries in show conn command starting with ESP like following
ESP outside 207.241.148.226 dmz internal-server, idle 0:00:00, bytes 0
ESP outside 61.17.217.48 dmz internal-server, idle 0:00:01, bytes 0
ESP outside 64.18.2.161 dmz internal-server, idle 0:00:01, bytes 0
ESP outside 77.203.92.39 dmz internal-server, idle 0:00:04, bytes 0
ESP outside 209.85.210.178 dmz internal-server, idle 0:00:04, bytes 0
What is the meaning of this output?
Dileep
Dileep
ESP = Encapsulating Security Payload, which is used by IPSEC for a VPN tunnel. Do you have VPN tunnels coming through your firewall?
Jon
03-15-2010 11:21 AM
Hi Jon,
I made a mistake in the query; actually this output was from the show local-host command.
Yes, I do have VPN tunnels terminated on the outside interface of the ASA.
This is the output of show local-host internal-server
UDP outside 202.54.12.164:53 dmz internal-server:43944, idle 0:00:05, bytes 33, flags -
UDP outside 202.54.12.164:53 dmz internal-server:54644, idle 0:00:14, bytes 33, flags -
ESP outside 190.234.24.138 dmz internal-server, idle 0:00:45, bytes 0
ESP outside 182.48.196.18 dmz internal-server, idle 0:00:55, bytes 0
UDP outside 172.16.105.10:53 dmz internal-server:2038, idle 0:00:49, bytes 90, flags -
UDP outside 172.20.105.10:53 dmz internal-server:21528, idle 0:01:01, bytes 79, flags -
ESP outside 67.195.168.31 dmz internal-server, idle 0:01:10, bytes 0
TCP outside 67.195.168.31:25 dmz internal-server:34865, idle 0:00:00, bytes 3415944, flags UIO
ESP outside 65.182.191.221 dmz internal-server, idle 0:01:11, bytes 0
ESP outside 117.97.23.226 dmz internal-server, idle 0:01:18, bytes 0
ESP outside 69.63.178.191 dmz internal-server, idle 0:05:47, bytes 0
ESP outside 203.99.41.130 dmz internal-server, idle 0:06:33, bytes 0
ESP outside 188.168.78.190 dmz internal-server, idle 0:07:44, bytes 0
ESP outside 117.97.108.106 dmz internal-server, idle 3:54:06, bytes 0
TCP outside 190.234.24.138:28781 dmz internal-server:25, idle 0:00:42, bytes 330, flags UIOB
TCP outside 182.48.196.18:1210 dmz internal-server:25, idle 0:00:35, bytes 335, flags UIOB
TCP outside 117.97.23.226:57264 dmz internal-server:143, idle 0:00:49, bytes 29466, flags UIOB
The output shows the connection entries made to a DMZ mail server; you can see that some entries start with ESP and then connect to the actual TCP port.
Thanks
Dileep
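Added example (my own code, not from the thread or from Cisco): a small parser for the show local-host line format shown above that groups every ESP entry with the TCP/UDP connections the same outside peer has to the server, which is the correlation Dileep is doing by eye. The sample lines are constructed from the output in the thread; the field names are my own.

```python
import re
from collections import defaultdict

# One conn line: "<proto> <if> <host>[:<port>] <if> <host>[:<port>], idle h:mm:ss, bytes N[, flags F]"
# ESP (IP protocol 50) has no ports, so both port groups are optional.
CONN_RE = re.compile(
    r"^(?P<proto>[A-Z]+) (?P<oif>\S+) (?P<ohost>[^\s:,]+)(?::(?P<oport>\d+))? "
    r"(?P<iif>\S+) (?P<ihost>[^\s:,]+)(?::(?P<iport>\d+))?, "
    r"idle (?P<idle>\d+:\d\d:\d\d), bytes (?P<bytes>\d+)(?:, flags (?P<flags>\S+))?$"
)

def idle_seconds(idle: str) -> int:
    """Convert the ASA idle timer 'h:mm:ss' to seconds."""
    h, m, s = (int(x) for x in idle.split(":"))
    return h * 3600 + m * 60 + s

def parse_line(line: str):
    """Return a dict for one conn line, or None if the line does not match the format."""
    m = CONN_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["oport"] = int(d["oport"]) if d["oport"] else None
    d["iport"] = int(d["iport"]) if d["iport"] else None
    d["idle"] = idle_seconds(d["idle"])
    d["bytes"] = int(d["bytes"])
    return d

def parse_output(text: str):
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]

def correlate_esp(entries):
    """For each outside peer with an ESP entry: total ESP bytes, longest ESP idle time,
    and the (proto, inside port) pairs of its other connections to the same server."""
    by_peer = defaultdict(lambda: {"esp": [], "other": []})
    for e in entries:
        by_peer[e["ohost"]]["esp" if e["proto"] == "ESP" else "other"].append(e)
    return {peer: {"esp_bytes": sum(x["bytes"] for x in v["esp"]),
                   "max_esp_idle": max(x["idle"] for x in v["esp"]),
                   "ports": sorted((x["proto"], x["iport"]) for x in v["other"])}
            for peer, v in by_peer.items() if v["esp"]}

def esp_only_peers(report):
    """Peers that show an ESP entry but no TCP/UDP connection at all (worth a second look)."""
    return sorted(p for p, v in report.items() if not v["ports"])

# Constructed sample, modelled on the show local-host output in the thread.
SAMPLE = """\
UDP outside 202.54.12.164:53 dmz internal-server:43944, idle 0:00:05, bytes 33, flags -
ESP outside 190.234.24.138 dmz internal-server, idle 0:00:45, bytes 0
ESP outside 182.48.196.18 dmz internal-server, idle 0:00:55, bytes 0
ESP outside 67.195.168.31 dmz internal-server, idle 0:01:10, bytes 0
TCP outside 67.195.168.31:25 dmz internal-server:34865, idle 0:00:00, bytes 3415944, flags UIO
ESP outside 117.97.108.106 dmz internal-server, idle 3:54:06, bytes 0
TCP outside 190.234.24.138:28781 dmz internal-server:25, idle 0:00:42, bytes 330, flags UIOB
TCP outside 182.48.196.18:1210 dmz internal-server:25, idle 0:00:35, bytes 335, flags UIOB
"""
```

Running `correlate_esp(parse_output(SAMPLE))` shows that three of the four ESP peers also hold an SMTP or mail-related TCP connection, while 117.97.108.106 has only a zero-byte ESP entry that has been idle for nearly four hours.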