?
Solved

ASA :How to see the connection status

Posted on 2011-09-21
10
Medium Priority
?
718 Views
Last Modified: 2012-05-12
Hi

 How to findout the connection is establsished or not in a Firewall from Source to Destination using ASA Firewall(Assume NAT and access-list are  proper).What are the commands in ASA  can give the details about the connection) ,

Assume my Internal IP is 172.16.X.X
Public IP : 212.242.23.X
Accessing the Public IP using http (port 81) : http://212.242.23.X:81

how cani find the Connection is establshed or not through ASA Firewall

Regards
Ramu
0
Comment
Question by:RAMU CH
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 1

Author Comment

by:RAMU CH
ID: 36572596
What does it means when giveing the command :

NEW-TCL-ILL-FW# sh conn address 115.111.228.36
9672 in use, 106426 most used

what does it means " 9672 in use, 106426 most used"

regards
ramu
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36572627
Try 'show conn address 115.111.228.3 detailed'
That might give you some more info.
0
 
LVL 1

Author Comment

by:RAMU CH
ID: 36573484
If i do the above suggested step the output is showling as below

NEW-TCL-ILL-FW# sh conn address 115.111.228.36 detail
7702 in use, 106426 most used
Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,
       B - initial SYN from outside, C - CTIQBE media, D - DNS, d - dump,
       E - outside back connection, F - outside FIN, f - inside FIN,
       G - group, g - MGCP, H - H.323, h - H.225.0, I - inbound data,
       i - incomplete, J - GTP, j - GTP data, K - GTP t3-response
       k - Skinny media, M - SMTP data, m - SIP media, n - GUP
       O - outbound data, P - inside back connection, p - Phone-proxy TFTP conne
ction,
       q - SQL*Net data, R - outside acknowledged FIN,
       R - UDP SUNRPC, r - inside acknowledged FIN, S - awaiting inside SYN,
       s - awaiting outside SYN, T - SIP, t - SIP transient, U - up,
       V - VPN orphan, W - WAAS,
       X - inspected by service module

WHAT IS THE MEANING OF 7702 in use, 106426 most used

Regards
ramu
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 35

Accepted Solution

by:
Ernie Beek earned 1332 total points
ID: 36573515
Please, NO SHOUTING
;)

Anyway, 7702 in use, 106426 most used means there are currently 7702 connections through the ASA and the maximum number of simultanious connections through the ASA since power on is 106426.
0
 
LVL 1

Author Comment

by:RAMU CH
ID: 36573920
Hi Ernibeek,

u r always with me and sorry for troubling you with my useless questions but i dont have any source xcept you people as i already shared that i dont want to leave small info about Firewall /VPN as i want to be expertised in that

Regards
Ramu
0
 
LVL 35

Assisted Solution

by:Ernie Beek
Ernie Beek earned 1332 total points
ID: 36573936
No problem.

And by the way, there are no useless questions. Every time you learn something from asking those question means that they are useful, right?
0
 
LVL 1

Author Comment

by:RAMU CH
ID: 36574889
Tks Erniebeek

Regards
Ramu
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36574967
You're welcome.
It's always nice to encounter someone who is so eager to learn :)
0
 
LVL 5

Assisted Solution

by:Feroz Ahmed
Feroz Ahmed earned 668 total points
ID: 36915728
Hi,

To see whether the connection is established successfully from Source to Destination on ASA firewall the command is as below :

ASA#"sh int ip brief" (This command will give you whether the connection between source and destination is established successfully or not).Once you type the command the outpt genereated should give you the ip address followed by status "Administratively up " and up if it is administratively down then it should be Administratively down to make it up one should check configuration .
0
 
LVL 1

Author Closing Comment

by:RAMU CH
ID: 36998163
Thanks
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question