Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Connection Cache

Most servers are blocked by the access list. If a server is allowed to bypass the access list and a connection is created. Where does the connection cached in the FWSM?

5 REPLIES
Hall of Fame Super Blue

Re: Connection Cache

Hi

If i understand you correctly the FWSM will keep the connection record in it's state table for as long as the connection is active.

Is there something more specific you were looking for ?

Jon

New Member

Re: Connection Cache

What is exactly in the state table? Is there a way I can view the state table? I have other questions after this but first I neeed to understand this step first. Thanks in advance for your reply.

Hall of Fame Super Blue

Re: Connection Cache

As far as i know the way to view the present state table is to do a "sh conn" on your FWSM. This will show you all the current connections the FWSM is keeping track of and if TCP connections the TCP flags.

Edit - sorrydidn't answer the first bit. The state table is how a stateful firewall keeps track of connections. So a simple example would

client on inside telnets to a server on outside. FWSM records the client IP address, the client port number, the destination IP address, the destination port number (which will be 23 in this case) and the TCP flag which for the initial packet will be a SYN flag.

When the server responds the TCP flag will be a SYN/ACK and because the firewall has an entry in it's state table for the corresponding SYN it will allow it through.

Note that if a server on the outside sent a SYN/ACK packet but there was no corresponding SYN packet in it's state table it would drop the packet.

Jon

New Member

Re: Connection Cache

Thanks.

If there is a connection from inside server 10.10.10.1 to outside server 20.20.20.1 on port 23. The traffic is flowing. The flow is recorded in the state table. What will happen if another connection is opened from server 10.10.10.1 to another outside server 30.30.30.1 by telnet or ftp? Now what is recorded in the state table?

Will these two statements recorded in the state table?

10.10.10.1->30.30.30.1 on port 23

10.10.10.1->20.20.20.1 on port 23

If this happen, does this kill the flow from 10.10.10.1 to 20.20.20.1?

Regards,

Hall of Fame Super Blue

Re: Connection Cache

Hi

No it doesn't kill the flow because all the information is recorded in the state table. So in your example the destination address is different so it the 2 connections can be seen as separate int the state table.

But let's go one further

10.10.10.1 opens a telnet connection to 20.20.20.1.

10.10.10.1 open an ssh connection to 20.20.20.1.

Both these are also separate

10.10.10.1 -> 20.20.20.1 23

10.10.10.1 -> 20.20.20.1 22

And one step further

10.10.10.1 opens a telnet connection to 20.20.20.1

10.10.10.1 opens another telnet connection to 20.20.20.1

Again these are kept separate because although i haven't included them in the examples so far, the source port is also recorded so

10.10.10.1 2551 20.20.20.1 23

10.10.10.1 2661 20.20.20.1 23

Hope this makes sense

Jon

152
Views
15
Helpful
5
Replies
CreatePlease login to create content