Cisco Support Community

show conn entries starting with ESP

Hello,

I have noticed that some entries in the show conn command start with ESP, like the following:

    ESP outside 207.241.148.226 dmz internal-server, idle 0:00:00, bytes 0
    ESP outside 61.17.217.48 dmz internal-server, idle 0:00:01, bytes 0
    ESP outside 64.18.2.161 dmz internal-server, idle 0:00:01, bytes 0
    ESP outside 77.203.92.39 dmz internal-server, idle 0:00:04, bytes 0
    ESP outside 209.85.210.178 dmz internal-server, idle 0:00:04, bytes 0

What is the meaning of this output?

Dileep

2 REPLIES

Re: show conn entries starting with ESP

Dileep

ESP = Encapsulating Security Payload, which is used by IPsec for a VPN tunnel. Do you have VPN tunnels coming through your firewall?

Jon

Re: show conn entries starting with ESP

Hi Jon,

I made a mistake in the query; actually, this output was from the show local-host command.

Yes, we do have VPN tunnels terminated on the outside interface of the ASA.

This is the output of show local-host internal-server

    UDP outside 202.54.12.164:53 dmz internal-server:43944, idle 0:00:05, bytes 33, flags -
    UDP outside 202.54.12.164:53 dmz internal-server:54644, idle 0:00:14, bytes 33, flags -
    ESP outside 190.234.24.138 dmz internal-server, idle 0:00:45, bytes 0
    ESP outside 182.48.196.18 dmz internal-server, idle 0:00:55, bytes 0
    UDP outside 172.16.105.10:53 dmz internal-server:2038, idle 0:00:49, bytes 90, flags -
    UDP outside 172.20.105.10:53 dmz internal-server:21528, idle 0:01:01, bytes 79, flags -
    ESP outside 67.195.168.31 dmz internal-server, idle 0:01:10, bytes 0
    TCP outside 67.195.168.31:25 dmz internal-server:34865, idle 0:00:00, bytes 3415944, flags UIO
    ESP outside 65.182.191.221 dmz internal-server, idle 0:01:11, bytes 0
    ESP outside 117.97.23.226 dmz internal-server, idle 0:01:18, bytes 0
    ESP outside 69.63.178.191 dmz internal-server, idle 0:05:47, bytes 0
    ESP outside 203.99.41.130 dmz internal-server, idle 0:06:33, bytes 0
    ESP outside 188.168.78.190 dmz internal-server, idle 0:07:44, bytes 0
    ESP outside 117.97.108.106 dmz internal-server, idle 3:54:06, bytes 0
    TCP outside 190.234.24.138:28781 dmz internal-server:25, idle 0:00:42, bytes 330, flags UIOB
    TCP outside 182.48.196.18:1210 dmz internal-server:25, idle 0:00:35, bytes 335, flags UIOB
    TCP outside 117.97.23.226:57264 dmz internal-server:143, idle 0:00:49, bytes 29466, flags UIOB 

The output shows the connection entries made to a DMZ mail server; you can see that some entries start with ESP and then connect to the actual TCP port.

Thanks

Dileep
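An added example, not part of the thread or of any Cisco tooling: a small Python parser for the show local-host output posted above. ESP (IP protocol 50) carries no layer 4 ports (peers are identified by SPI), which is why the ASA prints only the two addresses for those entries. The script groups every entry by outside address, so each ESP peer can be checked against the TCP sessions from the same host (the ASA conn flag B marks a session whose initial SYN came from outside) and ESP peers with no other session are listed separately. The sample text is the output quoted in the thread, embedded here as constructed input.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the show local-host output posted in the thread.
SAMPLE = """\
UDP outside 202.54.12.164:53 dmz internal-server:43944, idle 0:00:05, bytes 33, flags -
ESP outside 190.234.24.138 dmz internal-server, idle 0:00:45, bytes 0
ESP outside 182.48.196.18 dmz internal-server, idle 0:00:55, bytes 0
ESP outside 67.195.168.31 dmz internal-server, idle 0:01:10, bytes 0
TCP outside 67.195.168.31:25 dmz internal-server:34865, idle 0:00:00, bytes 3415944, flags UIO
ESP outside 117.97.23.226 dmz internal-server, idle 0:01:18, bytes 0
ESP outside 117.97.108.106 dmz internal-server, idle 3:54:06, bytes 0
TCP outside 190.234.24.138:28781 dmz internal-server:25, idle 0:00:42, bytes 330, flags UIOB
TCP outside 182.48.196.18:1210 dmz internal-server:25, idle 0:00:35, bytes 335, flags UIOB
TCP outside 117.97.23.226:57264 dmz internal-server:143, idle 0:00:49, bytes 29466, flags UIOB
"""

# One ASA connection line: "<proto> <if> <host>[:port] <if> <host>[:port], idle h:mm:ss, bytes N[, flags F]".
# The ":port" groups are optional so that port-less ESP entries match as well.
CONN_RE = re.compile(
    r"^\s*(?P<proto>\S+)\s+(?P<oif>\S+)\s+(?P<ohost>[^\s:,]+)(?::(?P<oport>\d+))?"
    r"\s+(?P<iif>\S+)\s+(?P<ihost>[^\s:,]+)(?::(?P<iport>\d+))?"
    r",\s*idle\s+(?P<idle>[\d:]+),\s*bytes\s+(?P<bytes>\d+)(?:,\s*flags\s+(?P<flags>\S+))?\s*$"
)


def parse_idle(text):
    """Convert the ASA idle timer 'h:mm:ss' to seconds."""
    hours, minutes, seconds = (int(x) for x in text.split(":"))
    return hours * 3600 + minutes * 60 + seconds


def parse_local_host(text):
    """Parse show local-host / show conn lines into dicts; raise on an unrecognised line."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = CONN_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised line: {line!r}")
        d = m.groupdict()
        entries.append({
            "proto": d["proto"],
            "outside_host": d["ohost"],
            "outside_port": int(d["oport"]) if d["oport"] else None,  # None for ESP
            "inside_host": d["ihost"],
            "inside_port": int(d["iport"]) if d["iport"] else None,    # None for ESP
            "idle_s": parse_idle(d["idle"]),
            "bytes": int(d["bytes"]),
            "flags": d["flags"] or "",
        })
    return entries


def summarize_peers(entries):
    """Group entries by outside address: ESP count and idle, plus TCP ports by direction."""
    peers = defaultdict(lambda: {"esp": 0, "esp_idle_s": 0, "inbound": set(),
                                 "outbound": set(), "udp_outside_ports": set()})
    for e in entries:
        p = peers[e["outside_host"]]
        if e["proto"] == "ESP":
            p["esp"] += 1
            p["esp_idle_s"] = max(p["esp_idle_s"], e["idle_s"])
        elif e["proto"] == "TCP":
            # ASA conn flag B = initial SYN from outside, i.e. the peer opened the session
            # towards the DMZ port; otherwise the DMZ host connected out to the peer's port.
            if "B" in e["flags"]:
                p["inbound"].add(e["inside_port"])
            else:
                p["outbound"].add(e["outside_port"])
        elif e["proto"] == "UDP":
            # UDP lines carry no direction flag here; record only the outside port.
            p["udp_outside_ports"].add(e["outside_port"])
    return dict(peers)


def esp_report(entries):
    """Return (correlated, esp_only): ESP peers that also have a TCP session with the
    DMZ host, and ESP peers with nothing else to correlate against."""
    correlated, esp_only = {}, {}
    for host, p in summarize_peers(entries).items():
        if p["esp"] == 0:
            continue
        if p["inbound"] or p["outbound"]:
            correlated[host] = p
        else:
            esp_only[host] = p
    return correlated, esp_only


if __name__ == "__main__":
    correlated, esp_only = esp_report(parse_local_host(SAMPLE))
    for host, p in correlated.items():
        print(f"{host}: ESP x{p['esp']}, inbound to DMZ ports {sorted(p['inbound'])}, "
              f"outbound to peer ports {sorted(p['outbound'])}")
    for host, p in esp_only.items():
        print(f"{host}: ESP only, idle {p['esp_idle_s']} s")
```

Paste the full show local-host output in place of SAMPLE to run it against your own firewall; any line the regex does not recognise raises instead of being silently dropped, so a format change in the ASA output is noticed rather than hidden.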
