I finally found out what "RRRRR" means.  It means the destination host sent back a reset.

Adil

nice! haven't seen 'R' yet on an ASA.
 

It happens once a year on Talk Like a Pirate Day. :-p

lol

there's now a 'like' in CSC.

Hi adil, 

If RRRR means Reset.can yo help me in identifying TTTT means, is it timeout?

CC-F1#ping tcp 10.236.20.50 8081 s 10.252.137.100 2222
Type escape sequence to abort.
Sending 5 TCP SYN requests to 10.236.20.50 port 8081
from 10.252.137.100 starting port 2222, timeout is 2 seconds:
TTTTT
Success rate is 0 percent (0/5)

Regards,

Shankar Ganesh A

Hi Marvin,

what is the source when I don't put any source in ping tcp command?

Its strange that a ping tcp is successful when I don't put any source, but fails when I put firewall's outside interface's IP.

I captured and found that in both cases its using same IP.  ...

I am confused

The source interface is by default the one that the routing table selects as the best path to the destination.

Om a firewall you cannot source a ping from, say the outside interface, to a host on the inside.

I have put a capture and can see that in both cases, source is OUTSIDE interface's IP.

But the ping is successful when I don't put any source. Its timed out when I put source as OUTSIDE interface's IP

Something seems contrary to waht I'd expect. 

Here is the output showing my firewall pining a public address.

Source from inside = fail

Source from outside = pass

Source without specifying interface = pass (uses the outside per the routing table)

asa-5512# ping inside 8.8.8.8 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
asa-5512# ping outside 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/14/20 ms
asa-5512# ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/14/20 ms
asa-5512# 

Ohh. i think you misunderstood me.

I am talking about tcp ping.

ASA# ping tcp 1.2.2.2 443

Type escape sequence to abort.

No source specified. Pinging from identity interface.

Sending 5 TCP SYN requests to 1.2.2.2 port 443

from 11.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/28

************************

ASA# ping tcp 1.2.2.2 80 source 11.1.1.1 45454
 !!!!!!!  FAIL

Hello ROHIT SHARMA,

Just want to denote that in the second case you use DST PORT = 80 (HTTP)..

1) ASA# ping tcp 1.2.2.2 443

2) ASA# ping tcp 1.2.2.2 80 source 11.1.1.1 45454