Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

WHAT IS THE MEANING OF THE FLAG "saA" during a connection establishment

Hi,

I have a pi 515 , and the next hop to it is an internet router.I have the below statements as part of the nat:

---------------------------

global (outside) 1 61.8.146.97

nat (inside) 1 192.168.44.0 255.255.255.0 0 0

---------------------------

When i try to access the lotusnotes server(in the internet cloud) through from the LAN, i get the connection disconnected and when i check the show conn details, i can find that the connection is showing the flag "saA".The next hop internet router has just got a very simple configuration.I have attached the router as well as the firewall configs,kindly suggest where could be the problem.

regards.JK

4 REPLIES

Re: WHAT IS THE MEANING OF THE FLAG "saA" during a connection es

the configs are as well attached.need help!!

regards..jk

Re: WHAT IS THE MEANING OF THE FLAG "saA" during a connection es

Hi,

As told in my first cnversation, i have also attached the show conn for a particular host from the LAN.

# sh conn detail | inc 192.168.44.123

TCP outside:63.110.19.80/1352 inside:192.168.44.123/2113 flags saA

TCP outside:63.110.19.80/1352 inside:192.168.44.123/2112 flags saA

TCP outside:63.110.19.80/1352 inside:192.168.44.123/2111 flags saA

regards..jk

Hall of Fame Super Blue

Re: WHAT IS THE MEANING OF THE FLAG "saA" during a connection es

Hi Jk

The saA shows that a syn has been sent to the server on the internet and it is waiting for a response.

There are a number of things that are not clear from the configs but one thing that stands out is that your router does not have a route to 61.8.146.x network.

So you NAT 192.168.44.0 IP's to 61.8.146.97 but your router doesn't know how to get back to that network.

Could you add a router for this network and let me know how you get on.

HTH

Jon

New Member

Re: WHAT IS THE MEANING OF THE FLAG "saA" during a connection es

I see your doing PAT (1 address)

Looking through your configs, your outside global needs to be mapped to the outside by either the 'interface' or IP address. The address you currently have configured is no where in the configs, 61.x.x.97. As this is a routable address, Im thinking you mistaked to use the next-hop IP address from your ISP?

global (outside) 1 192.x.1.2

or

global (outside) 1 interface

Please rate if you are satisfied.

Cheers!

8372
Views
0
Helpful
4
Replies