I am seeing strange flags in the output of 'show conn' that seem incorrect to me, and I'm hoping someone can explain why.
According to command ref:
f =inside FIN
F =outside FIN
r =inside acknowledged FIN
R =outside acknowledged FIN
I =inbound data
O =outbound data
...so, how can I have connections with flags of: UFRIO ??
To me, this translates to a connection that is Up, has had data both In and Out, has seen a FIN from the outside, has seen the outside Acknowledge a FIN, but has NOT seen a FIN from the inside. How can the outside acknowledge a FIN that hasn't been sent?!
These connections eventually close with FIN timeout, so there is something blocking the FIN in one direction.
I have configured 'sysopt connection timewait' on all the Cisco firewalls along the path just in case these are simultaneous closes, but I still see these connections stuck for 10 minutes. I suspect a Juniper firewall, but this does not explain the odd FLAGS...
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...