New Member

sh conn output in FWSM

"Show conn" output shows the following two connections.

TCP out 64.86.101.231:80 in 192.168.74.96:3018 idle 0:06:03 Bytes 49830 FLAGS - FRUOI

TCP out 207.46.7.8:80 in 172.16.11.38:1173 idle 0:00:03 Bytes 1635954 FLAGS - UOI

Do the flag values UOI, UBOI or FRUOI have any meaning? We are troubleshooting an issue where I found lots of these flags. Please let me know.

4 REPLIES
New Member

Re: sh conn output in FWSM

New Member

Re: sh conn output in FWSM

Hi, Thanks for this information.

We have a unique problem in our network. DNS queries are not resolving intermittently. Everything works fine for a day, and then suddenly nobody is able to connect to the internet. Once we issue the command "Clear xlate" on the FWSM we are able to go to the internet for one more day. We have the FWSM as our firewall and all the hosts inside the network are PATed. Our internal DNS server is pointed to the outside DNS server 4.2.2.2 for outside queries, so for every query the internal DNS will send the query to the outside DNS. This is the setup.

During the problem, we captured the connections in the FWSM with the "Sh conn" command. It shows lots of the following DNS connections:

UDP out 4.2.2.3:53 in 172.16.5.28:3869 idle 0:00:42 Bytes 36 FLAGS - D

UDP out 4.2.2.1:53 in 172.16.5.29:1869 idle 0:00:50 Bytes 36 FLAGS - D

UDP out 4.2.2.3:53 in 172.16.5.28:3869 idle 0:01:12 Bytes 36 FLAGS - D

UDP out 4.2.2.1:53 in 172.16.5.29:1869 idle 0:01:33 Bytes 36 FLAGS - D

UDP out 4.2.2.1:53 in 172.16.5.29:1869 idle 0:01:24 Bytes 36 FLAGS - D

UDP out 4.2.2.3:53 in 172.16.5.28:3869 idle 0:00:29 Bytes 36 FLAGS - D

UDP out 4.2.2.2:53 in 172.16.5.29:1869 idle 0:00:49 Bytes 36 FLAGS - D

UDP out 4.2.2.3:53 in 172.16.5.28:3869 idle 0:01:51 Bytes 36 FLAGS - D

UDP out 4.2.2.2:53 in 172.16.5.29:1869 idle 0:00:48 Bytes 36 FLAGS - D

UDP out 4.2.2.2:53 in 172.16.5.29:1869 idle 0:01:47 Bytes 36 FLAGS - D

UDP out 4.2.2.3:53 in 172.16.5.28:3869 idle 0:00:24 Bytes 36 FLAGS - D

UDP out 4.2.2.1:53 in 172.16.5.29:1869 idle 0:01:47 Bytes 36 FLAGS - D

UDP out 192.168.255.255:138 in 192.168.18.20:138 idle 0:00:46 Bytes 2946 FLAGS -

UDP out 4.2.2.2:53 in 172.16.5.29:1869 idle 0:00:23 Bytes 36 FLAGS - D

UDP out 4.2.2.1:53 in 172.16.5.29:1869 idle 0:01:50 Bytes 36 FLAGS - D

UDP out 4.2.2.2:53 in 172.16.5.29:1869 idle 0:01:23 Bytes 36 FLAGS - D

UDP out 4.2.2.1:53 in 172.16.5.29:1869 idle 0:00:27 Bytes 36 FLAGS - D

Once you do "Clear xlate" everything is normal.

Please let me know if anybody knows what the issue was.

Thanks
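To turn the pasted "show conn" output from the question and this reply into something you can count, here is a small parser I added (not code from the thread or from Cisco). It rejoins entries whose FLAGS ended up on their own line, decodes the flag letters that appear in the thread (meanings assumed from the PIX/FWSM show conn legend as I recall it; confirm against your platform's documentation), and reports, per inside host, how many UDP DNS connections are sitting idle, which is the pile-up that eats PAT translations until "clear xlate" frees them. The SAMPLE text is a constructed excerpt of the lines posted above.

```python
import re
from collections import Counter

# One FWSM "show conn" entry, as pasted in the thread (after FLAGS is rejoined onto the line).
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP) out (?P<out_ip>[\d.]+):(?P<out_port>\d+) "
    r"in (?P<in_ip>[\d.]+):(?P<in_port>\d+) idle (?P<h>\d+):(?P<m>\d+):(?P<s>\d+) "
    r"Bytes (?P<bytes>\d+) FLAGS -\s*(?P<flags>[A-Za-z]*)$"
)

# Flag letters seen in the thread. Meanings are my assumption from the PIX/FWSM legend.
FLAG_MEANINGS = {
    "U": "up", "O": "outbound data", "I": "inbound data",
    "F": "outside FIN", "R": "outside acknowledged FIN",
    "B": "initial SYN from outside", "D": "DNS",
}

# Constructed excerpt of the output posted in this thread.
SAMPLE = """\
TCP out 64.86.101.231:80 in 192.168.74.96:3018 idle 0:06:03 Bytes 49830 FLAGS - FRUOI
UDP out 4.2.2.3:53 in 172.16.5.28:3869 idle 0:00:42 Bytes 36

FLAGS - D
UDP out 4.2.2.1:53 in 172.16.5.29:1869 idle 0:00:50 Bytes 36
FLAGS - D
UDP out 4.2.2.3:53 in 172.16.5.28:3869 idle 0:01:12 Bytes 36
FLAGS - D
UDP out 192.168.255.255:138 in 192.168.18.20:138 idle 0:00:46 Bytes 2946
FLAGS -
"""

def parse_conns(text):
    """Parse pasted show conn text into dicts; idle time is converted to seconds."""
    joined = re.sub(r"\n\s*(?=FLAGS)", " ", text)   # pull a lone "FLAGS - x" line back up
    conns = []
    for line in joined.splitlines():
        m = CONN_RE.match(line.strip())
        if not m:
            continue                                  # skip headers, prompts, noise
        d = m.groupdict()
        d["idle_s"] = int(d.pop("h")) * 3600 + int(d.pop("m")) * 60 + int(d.pop("s"))
        d["bytes"] = int(d["bytes"])
        conns.append(d)
    return conns

def decode_flags(flags):
    """Expand a flag string such as 'FRUOI' into its meanings."""
    return [FLAG_MEANINGS.get(f, f"unknown({f})") for f in flags]

def stale_dns_by_host(conns, min_idle_s=30):
    """Per inside host, count UDP DNS conns (flag D) idle at least min_idle_s seconds."""
    counts = Counter(c["in_ip"] for c in conns
                     if c["proto"] == "UDP" and "D" in c["flags"] and c["idle_s"] >= min_idle_s)
    return dict(counts)

if __name__ == "__main__":
    conns = parse_conns(SAMPLE)
    for c in conns:
        print(c["proto"], c["in_ip"], c["idle_s"], decode_flags(c["flags"]))
    print("stale DNS conns per inside host:", stale_dns_by_host(conns))
```

Feed it the full "show conn" capture taken during an outage and compare the per-host counts against the translation limit of your PAT pool to see whether DNS lookups alone account for the exhaustion.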

New Member

Re: sh conn output in FWSM

I think due to the short-lived nature of the DNS connections you might be running out of xlates. Can you try using NAT for a couple of hosts to see if it's not a PAT issue?

New Member

Re: sh conn output in FWSM

No, we tried that also, because we cannot browse from the server which has a separate public IP (static NAT).
