ASA :How to see the connection status

Hi

 How to findout the connection is establsished or not in a Firewall from Source to Destination using ASA Firewall(Assume NAT and access-list are  proper).What are the commands in ASA  can give the details about the connection) ,

Assume my Internal IP is 172.16.X.X
Public IP : 212.242.23.X
Accessing the Public IP using http (port 81) : http://212.242.23.X:81

how cani find the Connection is establshed or not through ASA Firewall

Regards
Ramu
LVL 1
RAMU CHAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Ernie BeekConnect With a Mentor ExpertCommented:
Please, NO SHOUTING
;)

Anyway, 7702 in use, 106426 most used means there are currently 7702 connections through the ASA and the maximum number of simultanious connections through the ASA since power on is 106426.
0
 
RAMU CHAuthor Commented:
What does it means when giveing the command :

NEW-TCL-ILL-FW# sh conn address 115.111.228.36
9672 in use, 106426 most used

what does it means " 9672 in use, 106426 most used"

regards
ramu
0
 
Ernie BeekExpertCommented:
Try 'show conn address 115.111.228.3 detailed'
That might give you some more info.
0
Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

 
RAMU CHAuthor Commented:
If i do the above suggested step the output is showling as below

NEW-TCL-ILL-FW# sh conn address 115.111.228.36 detail
7702 in use, 106426 most used
Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,
       B - initial SYN from outside, C - CTIQBE media, D - DNS, d - dump,
       E - outside back connection, F - outside FIN, f - inside FIN,
       G - group, g - MGCP, H - H.323, h - H.225.0, I - inbound data,
       i - incomplete, J - GTP, j - GTP data, K - GTP t3-response
       k - Skinny media, M - SMTP data, m - SIP media, n - GUP
       O - outbound data, P - inside back connection, p - Phone-proxy TFTP conne
ction,
       q - SQL*Net data, R - outside acknowledged FIN,
       R - UDP SUNRPC, r - inside acknowledged FIN, S - awaiting inside SYN,
       s - awaiting outside SYN, T - SIP, t - SIP transient, U - up,
       V - VPN orphan, W - WAAS,
       X - inspected by service module

WHAT IS THE MEANING OF 7702 in use, 106426 most used

Regards
ramu
0
 
RAMU CHAuthor Commented:
Hi Ernibeek,

u r always with me and sorry for troubling you with my useless questions but i dont have any source xcept you people as i already shared that i dont want to leave small info about Firewall /VPN as i want to be expertised in that

Regards
Ramu
0
 
Ernie BeekConnect With a Mentor ExpertCommented:
No problem.

And by the way, there are no useless questions. Every time you learn something from asking those question means that they are useful, right?
0
 
RAMU CHAuthor Commented:
Tks Erniebeek

Regards
Ramu
0
 
Ernie BeekExpertCommented:
You're welcome.
It's always nice to encounter someone who is so eager to learn :)
0
 
Feroz AhmedConnect With a Mentor Senior Network EngineerCommented:
Hi,

To see whether the connection is established successfully from Source to Destination on ASA firewall the command is as below :

ASA#"sh int ip brief" (This command will give you whether the connection between source and destination is established successfully or not).Once you type the command the outpt genereated should give you the ip address followed by status "Administratively up " and up if it is administratively down then it should be Administratively down to make it up one should check configuration .
0
 
RAMU CHAuthor Commented:
Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.