ASA interface name and nameif are different

mahesh18
Level 6

Hi Everyone,

On one of the ASAs I have this config, say:

interface BCISCO

nameif CISCO

ip address 192.168.x.x 255.255.0.0 standby IP 192.168.x.x

I need to understand why the interface and nameif are different here.

Also, when I try to access the ASA by ASDM from the internal network, the log shows

built inbound TCP connection for ASA interface.

So I need to know: whenever we access the ASA from the internal network, will it say inbound connection?

Or are there some criteria that tell when a connection is inbound to the ASA?

Thanks

Mahesh

5 Replies

Jouni Forss
VIP Alumni

Hi,

Is this ASA running in Multiple Context Mode?

In the System Context space where you create a Security Context and use the "allocate-interface" command, it lets you give the interface a name instead of the typical interface type which you usually see.

The command might look something like this:

context

allocate-interface BCISCO

Can you share the example log messages?

I would imagine that you are talking about the syslog message with which the ASA tells that some host is connecting to the ASA with ASDM? Then it would be natural that the host is making an "inbound" connection to the ASA.

- Jouni

Hi Jouni,

Yes, it is in context mode.

72           2013/04/17 10:10:59.640 MST     192.168.100.12  Apr 17 2013 17:10:58: %ASA-6-302013: Built inbound TCP connection 11283929 for Net:192.168.100.17/62287 (192.168.100.17/62287) to identity:192.168.100.12/443 (192.168.100.12/443)

71           2013/04/17 10:10:59.640 MST     192.168.100.12  Apr 17 2013 17:10:58: %ASA-6-106015: Deny TCP (no connection) from 192.168.100.17/62286 to 192.168.100.12/443 flags FIN ACK  on interface Net

70           2013/04/17 10:10:59.640 MST     192.168.100.12  Apr 17 2013 17:10:58: %ASA-6-302014: Teardown TCP connection 11283774 for Net:192.168.100.17/62286 to identity:192.168.100.12/443 duration 0:00:03 bytes 381 TCP Reset-O

69           2013/04/17 10:10:59.640 MST     192.168.100.12  Apr 17 2013 17:10:58: %ASA-6-605005: Login permitted from 192.168.100.17/62286 to Net:192.168.100.12/https for user "cisco"

68           2013/04/17 10:10:56.343 MST     192.168.100.12  Apr 17 2013 17:10:55: %ASA-6-302013: Built inbound TCP connection 11283774 for Net:192.168.100.17/62286 (192.168.100.17/62286) to identity:192.168.100.12/443 (192.168.100.12/443)

67           2013/04/17 10:10:56.343 MST     192.168.100.12  Apr 17 2013 17:10:55: %ASA-6-106015: Deny TCP (no connection) from 192.168.100.17/62285 to 192.168.100.12/443 flags FIN ACK  on interface Net

66           2013/04/17 10:10:56.343 MST     192.168.100.12  Apr 17 2013 17:10:55: %ASA-6-302014: Teardown TCP connection 11283684 for Net:192.168.100.17/62285 to identity:192.168.100.12/443 duration 0:00:03 bytes 381 TCP Reset-O

65           2013/04/17 10:10:56.343 MST     192.168.100.12  Apr 17 2013 17:10:55: %ASA-6-605005: Login permitted from 192.168.100.17/62285 to Net:192.168.100.12/https for user "cisco"

64           2013/04/17 10:10:56.343 MST     192.168.100.12  Apr 17 2013 17:10:55: %ASA-6-606001: ASDM session number 0 from 192.168.100.17 started

63           2013/04/17 10:10:56.343 MST     192.168.100.12  Apr 17 2013 17:10:55: %ASA-6-605005: Login permitted from 192.168.100.17/62284 to Net:192.168.100.12/https for user "cisco"

62           2013/04/17 10:10:52.733 MST     192.168.100.12  Apr 17 2013 17:10:51: %ASA-6-302013: Built inbound TCP connection 11283684 for Net:192.168.100.17/62285 (192.168.100.17/62285) to identity:192.168.100.12/443 (192.168.100.12/443)

61           2013/04/17 10:10:52.718 MST     192.168.100.12  Apr 17 2013 17:10:51: %ASA-6-302013: Built inbound TCP connection 11283681 for Net:192.168.100.17/62284 (192.168.100.17/62284) to identity:192.168.100.12/443 (192.168.100.12/443)

60           2013/04/17 10:10:52.515 MST     192.168.100.12  Apr 17 2013 17:10:51: %ASA-6-106015: Deny TCP (no connection) from 192.168.100.17/62283 to 192.168.100.12/443 flags FIN ACK  on interface Net

59           2013/04/17 10:10:52.515 MST     192.168.100.12  Apr 17 2013 17:10:51: %ASA-6-302014: Teardown TCP connection 11283636 for Net:192.168.100.17/62283 to identity:192.168.100.12/443 duration 0:00:02 bytes 806 TCP Reset-O

58           2013/04/17 10:10:52.515 MST     192.168.100.12  Apr 17 2013 17:10:51: %ASA-6-605005: Login permitted from 192.168.100.17/62283 to Net:192.168.100.12/https for user "cisco"

57           2013/04/17 10:10:52.358 MST     192.168.100.12  Apr 17 2013 17:10:51: %ASA-6-606003: ASDM logging session number 0 from 192.168.100.17 started

56           2013/04/17 10:10:52.358 MST     192.168.100.12  Apr 17 2013 17:10:51: %ASA-6-605005: Login permitted from 192.168.100.17/62282 to Net:192.168.100.12/https for user "cisco"

55           2013/04/17 10:10:50.374 MST     192.168.100.12  Apr 17 2013 17:10:49: %ASA-6-302013: Built inbound TCP connection 11283636 for Net:192.168.100.17/62283 (192.168.100.17/62283) to identity:192.168.100.12/443 (192.168.100.12/443)

54           2013/04/17 10:10:50.140 MST     192.168.100.12  Apr 17 2013 17:10:49: %ASA-6-302013: Built inbound TCP connection 11283629 for Net:192.168.100.17/62282 (192.168.100.17/62282) to identity:192.168.100.12/443 (192.168.100.12/443)

53           2013/04/17 10:10:50.108 MST     192.168.100.12  Apr 17 2013 17:10:49: %ASA-6-106015: Deny TCP (no connection) from 192.168.100.17/62281 to 192.168.100.12/443 flags FIN ACK  on interface Net

52           2013/04/17 10:10:50.108 MST     192.168.100.12  Apr 17 2013 17:10:49: %ASA-6-302014: Teardown TCP connection 11283529 for Net:192.168.100.17/62281 to identity:192.168.100.12/443 duration 0:00:02 bytes 3107 TCP Reset-O

51           2013/04/17 10:10:49.937 MST     192.168.100.12  Apr 17 2013 17:10:49: %ASA-6-605005: Login permitted from 192.168.100.17/62281 to Net:192.168.100.12/https for user "cisco"

50           2013/04/17 10:10:47.640 MST     192.168.100.12  Apr 17 2013 17:10:46: %ASA-6-302013: Built inbound TCP connection 11283529 for Net:192.168.100.17/62281 (192.168.100.17/62281) to identity:192.168.100.12/443 (192.168.100.12/443)

Where interface Net is the ASA interface with IP 192.168.100.12.

192.168.100.17 is my PC's IP.

This is the log while I access the ASA by HTTPS.

Can you please tell me why the logs have repeated lines? For example,

"ASDM logging session started" appears 2 times.

Thanks

Mahesh

Hi,

I can't say the reason for sure.

Seems to me that one connection is first built and then torn down. Right after it, another connection is built and torn down.

Here is one TCP connection being built and torn down:

67           2013/04/17 10:10:56.343 MST     192.168.100.12  Apr 17 2013 17:10:55: %ASA-6-106015: Deny TCP (no connection) from 192.168.100.17/62285 to 192.168.100.12/443 flags FIN ACK  on interface Net

66           2013/04/17 10:10:56.343 MST     192.168.100.12  Apr 17 2013 17:10:55: %ASA-6-302014: Teardown TCP connection 11283684 for Net:192.168.100.17/62285 to identity:192.168.100.12/443 duration 0:00:03 bytes 381 TCP Reset-O

65           2013/04/17 10:10:56.343 MST     192.168.100.12  Apr 17 2013 17:10:55: %ASA-6-605005: Login permitted from 192.168.100.17/62285 to Net:192.168.100.12/https for user "cisco"

62           2013/04/17 10:10:52.733 MST     192.168.100.12  Apr 17 2013 17:10:51: %ASA-6-302013: Built inbound TCP connection 11283684 for Net:192.168.100.17/62285 (192.168.100.17/62285) to identity:192.168.100.12/443 (192.168.100.12/443)

Here is the next connection being built and torn down:

71           2013/04/17 10:10:59.640 MST     192.168.100.12  Apr 17 2013 17:10:58: %ASA-6-106015: Deny TCP (no connection) from 192.168.100.17/62286 to 192.168.100.12/443 flags FIN ACK  on interface Net

70           2013/04/17 10:10:59.640 MST     192.168.100.12  Apr 17 2013 17:10:58: %ASA-6-302014: Teardown TCP connection 11283774 for Net:192.168.100.17/62286 to identity:192.168.100.12/443 duration 0:00:03 bytes 381 TCP Reset-O

69           2013/04/17 10:10:59.640 MST     192.168.100.12  Apr 17 2013 17:10:58: %ASA-6-605005: Login permitted from 192.168.100.17/62286 to Net:192.168.100.12/https for user "cisco"

68           2013/04/17 10:10:56.343 MST     192.168.100.12  Apr 17 2013 17:10:55: %ASA-6-302013: Built inbound TCP connection 11283774 for Net:192.168.100.17/62286 (192.168.100.17/62286) to identity:192.168.100.12/443 (192.168.100.12/443)

In both cases it seems to me that the ASA has already removed the connection when the host is still in the process of closing the connection.

- Jouni

Jouni Forss
VIP Alumni

Also,

Here is the description of the log message which I assume you are seeing.

Read the latter part of the text below to see the definition of "inbound" vs. "outbound":

302013

Error Message    %ASA-6-302013: Built {inbound|outbound} TCP connection_id for 
interface:real-address/real-port (mapped-address/mapped-port) to 
interface:real-address/real-port (mapped-address/mapped-port) [(user)]

Explanation    A TCP connection slot between two hosts was created.

connection_id—A unique identifier

interface, real-address, real-port—The actual sockets

mapped-address, mapped-port—The mapped sockets

user—The AAA name of the user

If inbound is specified, the original control connection was initiated from the outside. For example, for FTP, all data transfer channels are inbound if the original control channel is inbound. If outbound is specified, the original control connection was initiated from the inside.

Recommended Action    None required.

- Jouni
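The two points Jouni makes above (the 302013 message carries the initiating direction and the real/mapped sockets, and a 106015 "no connection" FIN/ACK right after a 302014 teardown is just the client finishing a close the ASA has already forgotten) can be turned into a small correlation check. This is an added example, not code from the thread or from Cisco; the log text is a constructed sample modelled on the lines quoted in the thread, with one extra made-up 106015 from 10.9.9.9 that has no preceding teardown, so the check has something to flag.

```python
import re

# Constructed sample modelled on the ASA syslog lines quoted in this thread (one ASDM
# HTTPS connection to the ASA itself), plus one made-up orphan 106015 with no history.
SAMPLE_LOG = """\
Apr 17 2013 17:10:51: %ASA-6-302013: Built inbound TCP connection 11283684 for Net:192.168.100.17/62285 (192.168.100.17/62285) to identity:192.168.100.12/443 (192.168.100.12/443)
Apr 17 2013 17:10:55: %ASA-6-605005: Login permitted from 192.168.100.17/62285 to Net:192.168.100.12/https for user "cisco"
Apr 17 2013 17:10:55: %ASA-6-302014: Teardown TCP connection 11283684 for Net:192.168.100.17/62285 to identity:192.168.100.12/443 duration 0:00:03 bytes 381 TCP Reset-O
Apr 17 2013 17:10:55: %ASA-6-106015: Deny TCP (no connection) from 192.168.100.17/62285 to 192.168.100.12/443 flags FIN ACK  on interface Net
Apr 17 2013 17:10:58: %ASA-6-106015: Deny TCP (no connection) from 10.9.9.9/40000 to 192.168.100.12/443 flags ACK  on interface Net
"""

# Field layout follows the %ASA-6-302013 format quoted above:
# interface:real-address/real-port (mapped) to interface:real-address/real-port (mapped)
BUILT = re.compile(r"%ASA-6-302013: Built (inbound|outbound) TCP connection (\d+) for "
                   r"(\w+):([\d.]+)/(\d+) \(\S+\) to (\w+):([\d.]+)/(\d+)")
TEARDOWN = re.compile(r"%ASA-6-302014: Teardown TCP connection (\d+) for "
                      r"\w+:([\d.]+)/(\d+) to \w+:([\d.]+)/(\d+) duration (\S+) bytes (\d+) (.*)$")
DENY = re.compile(r"%ASA-6-106015: Deny TCP \(no connection\) from ([\d.]+)/(\d+) "
                  r"to ([\d.]+)/(\d+) flags ([A-Z ]+?)\s+on interface (\w+)")


def analyse_asa_log(text):
    """Return (connections by id, findings) for the 302013/302014/106015 lines in text."""
    conns = {}         # connection_id -> details from the Built / Teardown pair
    torn_down = set()  # (src, sport, dst, dport) tuples the ASA has already removed
    findings = []      # ("late-fin" | "unexplained", 4-tuple) for each 106015 seen
    for line in text.splitlines():
        if m := BUILT.search(line):
            direction, cid, src_if, src, sport, dst_if, dst, dport = m.groups()
            conns[cid] = {
                "direction": direction,  # inbound = initiated by the host, towards the ASA
                "src": (src, int(sport)), "dst": (dst, int(dport)),
                "ingress": src_if,
                # "identity" is the ASA's own name for to-the-box traffic (ASDM/HTTPS/SSH)
                "to_box": dst_if == "identity",
            }
        elif m := TEARDOWN.search(line):
            cid, src, sport, dst, dport, duration, nbytes, reason = m.groups()
            conns.setdefault(cid, {}).update(duration=duration, bytes=int(nbytes), reason=reason)
            torn_down.add((src, int(sport), dst, int(dport)))
        elif m := DENY.search(line):
            src, sport, dst, dport, flags, _ifc = m.groups()
            key = (src, int(sport), dst, int(dport))
            # FIN/ACK for a 4-tuple the ASA already tore down is the client finishing its
            # close (Jouni's reading above); anything else has no matching history.
            if key in torn_down and "FIN" in flags.split():
                findings.append(("late-fin", key))
            else:
                findings.append(("unexplained", key))
    return conns, findings
```

Run over a real export, the "unexplained" bucket is the one worth reading; the "late-fin" entries are the benign pattern seen in the thread.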

Thanks a lot, Jouni,

Regards

Mahesh
