acs sh conn problem


Sat, 05/04/2013 - 02:02
May 2nd, 2013
User Badges:


Please give me the ACE.

You When you sh conn setting of the current configuration, session information is displayed.

1148798    1  in  TCP   2      ESTAB

1157580    1  out TCP   12   CLOSED

Session of the current pair have been identified.

The current session is closed, but the information of big-eye red current continues to sh conn session information.

I want to know that there are times when it may be a problem at this time

Thank you.

Jorge Bejarano Thu, 05/02/2013 - 20:47
User Badges:
  • Silver, 250 points or more


Please see the following document and the drawing called: "TCP Connection Teardown"


Then that output just shows the connection when it is being RST, but we do not have enough details.

Where do you see this behavior? Are you having any issue related to RST connections?


ajayku2 Sat, 05/04/2013 - 02:02
User Badges:
  • Cisco Employee,

If you are talking about the following connection:

1157580    1  out TCP   12   CLOSED

If you are seeing the above entry in table for a long time then it is possible that the connection is not properly closed. We also say it half closed connection.

For example ACE receives FIN it forward to the server mark the connection as closed and then it wait for FIN-ACK.

If the server does not send the FIN-ACK for some reason this entry may be there for 1 hour and then it clear after timeout.

So verify with capture if that is the case.

You can also use connection parameter map to reduce the half close session timeout to remove such entry faster.

hope that helps,

Ajay Kumar


This Document