Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA 5540 - 8.2.1, connection table

I am suspecting the connections entry based on the “sh conn” output.

We tested this by establishing a telnet connection to 3389 from the below IP & observed the below connections. If we close the telnet, all the below getting closed simultaneously.

This is not the behavior based on observations from our other firewalls.

sho conn | in 10.242.3.79

TCP outside 10.242.3.79(0.0.0.0):0 inside 10.236.98.106:0, idle 0:00:00, bytes 0, flags i

TCP outside 0.0.0.0(10.242.3.79):0 inside 0.0.0.0:0, idle 0:00:00, bytes 0, flags i

TCP outside 10.242.3.79:63837 inside 10.236.98.106:3389, idle 0:00:00, bytes 0, flags UB

Can someone let me know why is this 0.0.0.0 appears in the connection table. There are lots of similar connections (with flag "i") appears in the table.

We are using the software version 8.2.1.

Regards,
Guru

1 REPLY
Cisco Employee

Re: ASA 5540 - 8.2.1, connection table

Guru,

If you do a "sh conn detail" and just hit enter you will see all the flags and details.

kusankar-asa5505# sh conn det
7 in use, 148 most used
Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,
       B - initial SYN from outside, b - TCP state-bypass or nailed, C - CTIQBE media,
       D - DNS, d - dump, E - outside back connection, F - outside FIN, f - inside FIN,
       G - group, g - MGCP, H - H.323, h - H.225.0, I - inbound data,
      i - incomplete, J - GTP, j - GTP data, K - GTP t3-response
       k - Skinny media, M - SMTP data, m - SIP media, n - GUP
       O - outbound data, P - inside back connection, p - Phone-proxy TFTP connection,
       q - SQL*Net data, R - outside acknowledged FIN,
       R - UDP SUNRPC, r - inside acknowledged FIN, S - awaiting inside SYN,
       s - awaiting outside SYN, T - SIP, t - SIP transient, U - up,
       V - VPN orphan, W - WAAS,
       X - inspected by service module

-KS

723
Views
0
Helpful
1
Replies
CreatePlease to create content