Solved: E - outside back connection

mahesh18 · ‎06-18-2013

Hi Everyone,

When i do sh conn i see one connection with flags E

Sh connection detail shows

E - outside back connection

I checked this is connection to ISP Router carrying GRE so need to confirm when we have flag E it always mean that connection is GRE?

what does outside back mean here?

Regards

Mahesh

Jouni Forss · ‎06-18-2013

Hi,

The basic Cisco documentations are pretty vague about these. I mean there doesnt seem to be a listing of the meaning of all the flags that you can see with the "show conn detail" output.

The TCP related flags are naturally pretty obvious and there are good explanations for them but some of the others are not explained anywhere that I have seen.

It would seem to me that the "E - outside back connection" refers to a situation where you have a connection that is for example formed from the "inside" to "outside" BUT there is also an connection from the "outside" to "inside" that is part of this same connection.

I guess this is a flag for connections other than TCP.

For example attempting to to create a tunnel from my LAN to WAN forms the following 2 connections

GRE WAN x.x.x.x:1723 WLAN 10.0.255.23:21329, idle 0:00:18, bytes 0, flags E

GRE WAN x.x.x.x:512 WLAN 10.0.255.23:1723, idle 0:00:18, bytes 0, flags E

Where the "x.x.x.x" is a public IP address towards which I am forming connection.

- Jouni

View solution in original post

Jouni Forss · ‎06-18-2013

Hi,

The basic Cisco documentations are pretty vague about these. I mean there doesnt seem to be a listing of the meaning of all the flags that you can see with the "show conn detail" output.

The TCP related flags are naturally pretty obvious and there are good explanations for them but some of the others are not explained anywhere that I have seen.

It would seem to me that the "E - outside back connection" refers to a situation where you have a connection that is for example formed from the "inside" to "outside" BUT there is also an connection from the "outside" to "inside" that is part of this same connection.

I guess this is a flag for connections other than TCP.

For example attempting to to create a tunnel from my LAN to WAN forms the following 2 connections

GRE WAN x.x.x.x:1723 WLAN 10.0.255.23:21329, idle 0:00:18, bytes 0, flags E

GRE WAN x.x.x.x:512 WLAN 10.0.255.23:1723, idle 0:00:18, bytes 0, flags E

Where the "x.x.x.x" is a public IP address towards which I am forming connection.

- Jouni

mahesh18 · ‎06-19-2013

Hi Jouni,

Seems where cisco documentation ends your knowledge and real experience helps people like me.

At least you gave very helpfull info to me so i can clear my concepts of ASA.

Best regards

MAhesh