show conn entries starting with ESP

Hello,

I have noticed that some entries in the show conn command output start with ESP, like the following:

    ESP outside 207.241.148.226 dmz internal-server, idle 0:00:00, bytes 0
    ESP outside 61.17.217.48 dmz internal-server, idle 0:00:01, bytes 0
    ESP outside 64.18.2.161 dmz internal-server, idle 0:00:01, bytes 0
    ESP outside 77.203.92.39 dmz internal-server, idle 0:00:04, bytes 0
    ESP outside 209.85.210.178 dmz internal-server, idle 0:00:04, bytes 0

What is the meaning of this output?

Dileep

2 Replies

Jon Marshall
Hall of Fame

dileepsp123 wrote:

Hello,

I have noticed that some entries in the show conn command output start with ESP, like the following:

    ESP outside 207.241.148.226 dmz internal-server, idle 0:00:00, bytes 0
    ESP outside 61.17.217.48 dmz internal-server, idle 0:00:01, bytes 0
    ESP outside 64.18.2.161 dmz internal-server, idle 0:00:01, bytes 0
    ESP outside 77.203.92.39 dmz internal-server, idle 0:00:04, bytes 0
    ESP outside 209.85.210.178 dmz internal-server, idle 0:00:04, bytes 0

What is the meaning of this output?

Dileep

Dileep

ESP = Encapsulating Security Payload, which is used by IPsec for a VPN tunnel. Do you have VPN tunnels coming through your firewall?

Jon

Hi Jon,

I made a mistake in the query; actually, this output was from the show local-host command.

Yes, I do have VPN tunnels terminated on the outside interface of the ASA.

This is the output of show local-host internal-server:

    UDP outside 202.54.12.164:53 dmz internal-server:43944, idle 0:00:05, bytes 33, flags -
    UDP outside 202.54.12.164:53 dmz internal-server:54644, idle 0:00:14, bytes 33, flags -
    ESP outside 190.234.24.138 dmz internal-server, idle 0:00:45, bytes 0
    ESP outside 182.48.196.18 dmz internal-server, idle 0:00:55, bytes 0
    UDP outside 172.16.105.10:53 dmz internal-server:2038, idle 0:00:49, bytes 90, flags -
    UDP outside 172.20.105.10:53 dmz internal-server:21528, idle 0:01:01, bytes 79, flags -
    ESP outside 67.195.168.31 dmz internal-server, idle 0:01:10, bytes 0
    TCP outside 67.195.168.31:25 dmz internal-server:34865, idle 0:00:00, bytes 3415944, flags UIO
    ESP outside 65.182.191.221 dmz internal-server, idle 0:01:11, bytes 0
    ESP outside 117.97.23.226 dmz internal-server, idle 0:01:18, bytes 0
    ESP outside 69.63.178.191 dmz internal-server, idle 0:05:47, bytes 0
    ESP outside 203.99.41.130 dmz internal-server, idle 0:06:33, bytes 0
    ESP outside 188.168.78.190 dmz internal-server, idle 0:07:44, bytes 0
    ESP outside 117.97.108.106 dmz internal-server, idle 3:54:06, bytes 0
    TCP outside 190.234.24.138:28781 dmz internal-server:25, idle 0:00:42, bytes 330, flags UIOB
    TCP outside 182.48.196.18:1210 dmz internal-server:25, idle 0:00:35, bytes 335, flags UIOB
    TCP outside 117.97.23.226:57264 dmz internal-server:143, idle 0:00:49, bytes 29466, flags UIOB 

The output shows the connection entries made to a DMZ mail server; you can see that some entries start with ESP and then connect to the actual TCP port.

Thanks

Dileep
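Reading a long show local-host listing by eye makes it hard to see which outside peers have both an ESP entry and a TCP mail connection. The following is an added example, not code from this thread or from Cisco: it parses lines in the format quoted above, groups the ESP entries by outside peer next to any TCP connections that peer has to the DMZ host, and lists zero-byte ESP entries that have idled past a threshold. The sample output is constructed from the lines quoted in the thread, and the 3600-second threshold is an assumption.

```python
import re

# Constructed sample modelled on the show local-host lines quoted above; not a real capture.
SAMPLE_OUTPUT = """\
UDP outside 202.54.12.164:53 dmz internal-server:43944, idle 0:00:05, bytes 33, flags -
ESP outside 190.234.24.138 dmz internal-server, idle 0:00:45, bytes 0
ESP outside 67.195.168.31 dmz internal-server, idle 0:01:10, bytes 0
TCP outside 67.195.168.31:25 dmz internal-server:34865, idle 0:00:00, bytes 3415944, flags UIO
ESP outside 117.97.108.106 dmz internal-server, idle 3:54:06, bytes 0
TCP outside 190.234.24.138:28781 dmz internal-server:25, idle 0:00:42, bytes 330, flags UIOB
"""

# One connection line: proto, interfaces, endpoints (ESP has no ports), idle, bytes, TCP/UDP flags.
LINE_RE = re.compile(
    r"^(?P<proto>TCP|UDP|ESP) (?P<src_if>\S+) (?P<src_ip>[\d.]+)(?::(?P<src_port>\d+))?"
    r" (?P<dst_if>\S+) (?P<dst_host>[^:,\s]+)(?::(?P<dst_port>\d+))?"
    r", idle (?P<idle>\d+:\d\d:\d\d), bytes (?P<bytes>\d+)(?:, flags (?P<flags>\S+))?$"
)

def idle_to_seconds(idle):
    return sum(int(x) * f for x, f in zip(idle.split(":"), (3600, 60, 1)))

def parse_local_host(text):
    """Parse show local-host / show conn style lines into dicts; rejects unknown lines."""
    entries = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised line: {line!r}")
        e = m.groupdict()
        e["bytes"] = int(e["bytes"])
        e["idle_seconds"] = idle_to_seconds(e["idle"])
        entries.append(e)
    return entries

def esp_peers(entries):
    """Per outside peer with an ESP entry: ESP idle times plus any TCP conns it has to the DMZ host."""
    peers = {}
    for e in entries:
        p = peers.setdefault(e["src_ip"], {"esp_idle": [], "tcp": []})
        if e["proto"] == "ESP":
            p["esp_idle"].append(e["idle_seconds"])
        elif e["proto"] == "TCP":
            p["tcp"].append((e["src_port"], e["dst_port"], e["flags"]))
    return {ip: v for ip, v in peers.items() if v["esp_idle"]}

def stale_zero_byte_esp(entries, min_idle_seconds=3600):
    """Outside peers whose ESP entry never carried data and has idled past the threshold (assumed)."""
    return [e["src_ip"] for e in entries if e["proto"] == "ESP"
            and e["bytes"] == 0 and e["idle_seconds"] >= min_idle_seconds]
```

Feed it the real listing with `parse_local_host(open("local-host.txt").read())`; peers that show only zero-byte ESP and no TCP connection are the ones to check against your configured VPN endpoints.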
