Cisco ASA connection table query

secureIT · ‎04-30-2016

Hi All,

I have a default timeout configured for the connections.

Im seeing the below entry in show connections output.

Can some one tell me why am i seeing these entries... "237:28:39" and flags "-"

UDP dmz1 172.1.2.165:162 inside 10.1.1.130:162, idle 237:28:39, bytes 8946115, flags -

My configuration is as given below...

timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:10:00 half-closed 0:10:00 udp 0:01:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 1:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:00:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00

regards

Rajesh

secureIT · ‎04-30-2016

I suspect that current version 9.1(2) has to be upgraded. to 9.1(4)

Because, i can find this behavior for both UDP as well as TCP connections.

UDP dmz1 172.1.2.165:162 inside 10.1.1.130:162, idle 237:28:39, bytes 9946115, flags -
TCP dmz1 172.1.2.165:22 inside 10.1.1.11:64880, idle 245:16:17, bytes 13755432, flags UIO

Can somebody from Cisco give inputs on this ? I hope im in the right path.

~Plz rate if this is helpful :)

regards

Rajesh

secureIT · ‎06-07-2016

Above solution fixed the issue.