Solved

ASA :How to see the connection status

Posted on 2011-09-21
10
716 Views
Last Modified: 2012-05-12
Hi

 How to findout the connection is establsished or not in a Firewall from Source to Destination using ASA Firewall(Assume NAT and access-list are  proper).What are the commands in ASA  can give the details about the connection) ,

Assume my Internal IP is 172.16.X.X
Public IP : 212.242.23.X
Accessing the Public IP using http (port 81) : http://212.242.23.X:81

how cani find the Connection is establshed or not through ASA Firewall

Regards
Ramu
0
Comment
Question by:RAMU CH
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 1

Author Comment

by:RAMU CH
ID: 36572596
What does it means when giveing the command :

NEW-TCL-ILL-FW# sh conn address 115.111.228.36
9672 in use, 106426 most used

what does it means " 9672 in use, 106426 most used"

regards
ramu
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36572627
Try 'show conn address 115.111.228.3 detailed'
That might give you some more info.
0
 
LVL 1

Author Comment

by:RAMU CH
ID: 36573484
If i do the above suggested step the output is showling as below

NEW-TCL-ILL-FW# sh conn address 115.111.228.36 detail
7702 in use, 106426 most used
Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,
       B - initial SYN from outside, C - CTIQBE media, D - DNS, d - dump,
       E - outside back connection, F - outside FIN, f - inside FIN,
       G - group, g - MGCP, H - H.323, h - H.225.0, I - inbound data,
       i - incomplete, J - GTP, j - GTP data, K - GTP t3-response
       k - Skinny media, M - SMTP data, m - SIP media, n - GUP
       O - outbound data, P - inside back connection, p - Phone-proxy TFTP conne
ction,
       q - SQL*Net data, R - outside acknowledged FIN,
       R - UDP SUNRPC, r - inside acknowledged FIN, S - awaiting inside SYN,
       s - awaiting outside SYN, T - SIP, t - SIP transient, U - up,
       V - VPN orphan, W - WAAS,
       X - inspected by service module

WHAT IS THE MEANING OF 7702 in use, 106426 most used

Regards
ramu
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 35

Accepted Solution

by:
Ernie Beek earned 333 total points
ID: 36573515
Please, NO SHOUTING
;)

Anyway, 7702 in use, 106426 most used means there are currently 7702 connections through the ASA and the maximum number of simultanious connections through the ASA since power on is 106426.
0
 
LVL 1

Author Comment

by:RAMU CH
ID: 36573920
Hi Ernibeek,

u r always with me and sorry for troubling you with my useless questions but i dont have any source xcept you people as i already shared that i dont want to leave small info about Firewall /VPN as i want to be expertised in that

Regards
Ramu
0
 
LVL 35

Assisted Solution

by:Ernie Beek
Ernie Beek earned 333 total points
ID: 36573936
No problem.

And by the way, there are no useless questions. Every time you learn something from asking those question means that they are useful, right?
0
 
LVL 1

Author Comment

by:RAMU CH
ID: 36574889
Tks Erniebeek

Regards
Ramu
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36574967
You're welcome.
It's always nice to encounter someone who is so eager to learn :)
0
 
LVL 5

Assisted Solution

by:Feroz Ahmed
Feroz Ahmed earned 167 total points
ID: 36915728
Hi,

To see whether the connection is established successfully from Source to Destination on ASA firewall the command is as below :

ASA#"sh int ip brief" (This command will give you whether the connection between source and destination is established successfully or not).Once you type the command the outpt genereated should give you the ip address followed by status "Administratively up " and up if it is administratively down then it should be Administratively down to make it up one should check configuration .
0
 
LVL 1

Author Closing Comment

by:RAMU CH
ID: 36998163
Thanks
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question